Birdie Kingston, 27, started out with a plot to gain cheap parking on the grounds of the University of Western Sydney, police allege, when she first dabbled at hacking the uni’s systems.

But from 2021 until this week when she was arrested inside her dishevelled apartment at Kingswood by detectives from the NSW Police Cybercrimes Squad, police say Kingston escalated her hacking activities on the university’s databases, potentially affecting thousands of people.

Cybercrime Squad boss Detective Superintendent Jason Smith said Strike Force Docker began to investigate the series of unauthorised accesses on the university, and quickly realised there were similar methodologies in all the data breaches over the four years.

“It’s very apparent that the person behind them has a very high level of technical skill … ultimately the circumstances around those incidents pointed towards the involvement of a single person,” Superintendent Smith said.

Police allege Kingston’s online exploits began from a plot to access cheap parking on the uni campus, by accessing a discount she was not entitled to.

As the offending escalated, the electrical engineering graduate is alleged to have altered her academic results to improve them. Police said she then managed to hack into the personal information of hundreds of students, then threatened to sell it on the dark web.

“It is estimated that hundreds of university staff and students were affected by these incidents,” a NSW Police spokesman said.

Images of police raiding Kingston’s unit on Wednesday showed a messy unit with clothes strewn across the floor, dirty plates on the kitchen bench and shopping bags on the floor.

The woman could be seen clutching a water bottle while officers spoke with her, before she was led away to a waiting police vehicle.

Police took Kingston to St Marys Police Station where she was charged with 20 offences including accessing and modifying restricted data, possessing data with intent to commit computer offence and demand with menaces intended to cause loss.

Kingston, who served as the uni’s general officer of the Queer Collective in 2024, is due to appear in Penrith Local Court on Friday.

In a statement, the university said it had working closely with police but also improved its online security systems.

“The University has invested in a significant program to uplift our cyber capabilities. This includes employing specialist staff, implementing new technologies that enhance our ability to detect, respond to and defend against threats to our digital environment,” the statement said.

Investigators seized computer equipment and mobile devices during the raid where more than 100 gigabytes of data from the university’s system was allegedly recovered on a cloud server.

Superintendent Smith said investigators were still working through a “mountain of data” as part of the “complex” investigation. Do you have a story for The Daily Telegraph? Message 0481 056 618 or email tips@dailytelegraph.com.au

More Coverage

12 years after surviving a shooting, these two are still targeted

Mark Morri

Love costs baby killer Keli Lane’s boyfriend his job

Clementine Cuneo