Birdie Kingston, an ex-engineering student at Western Sydney University, has been detained in custody after she received new charges concerning a massive email cyber fraud campaign. According to the report, riot squad and cybercrime officials arrested Kingston in her home in North Kellyville.
Shortly after, authorities charged her with masterminding the circulation of more than 109,000 fraudulent emails that falsely told recipients their qualifications were revoked. Some emails also informed others that the institution had expelled them.
Kingston’s recent action, happening amid her bail for initial cyber breach allegations, highlights the non-stop dangers of insider online breaches in the educational sector. This case exemplifies the rising trend of institutional cyber-attacks reflected in the latest cybersecurity statistics (a must-read for everyone). It has even raised serious concerns regarding bail conditions in online crime situations.
Unveiling a four-year cyber fraud campaign
Kingston’s purported criminal actions started back in 2021, when she allegedly started making several targeted breaches against the institution’s digital systems. Authorities charged the engineering student with exploiting her enrollment to illegitimately access secret or confidential information. In 2023, she ramped up her attacks against the established systems and institutions by exposing many instances of unauthorized system access, hacking, and data theft.
She committed a number of criminal offenses, including changing her grades on her academic transcript to make it appear as if she’d gone from failing to passing and participating in the disruption of the institution’s exam process, causing significant chaos for students and faculty alike.
Authorities further arrested her in June this year and filed 20 initial charges, including possessing data with the intent to commit a digital crime, multiple counts of accessing and modifying exclusive data, and dishonestly accessing and altering exclusive data. They also charged her with fraudulently obtaining financial privileges through deception.
Furthermore, court documents revealed that Kingston even attempted to sell the exfiltrated student details on the darknet for $40,000 via crypto. If she had committed the act, it could potentially expose up to thousands of people to identity theft and fraudulent activities. This attempt to monetize stolen academic data mirrors a growing global trend of targeting universities, as seen in the recent breach where hackers leaked data from France’s prestigious Sorbonne University to the dark web.
The Court placed conditions on her bail, requiring her to stay away from all smartphones, computers, and Internet access to maintain complete digital separation from others.
On the contrary, law enforcement authorities stated that her grievances with the institution spurred ongoing malice and led to the most recent digital system breaches.
Breach of bail and the Email onslaught
Despite receiving bail conditions, Kingston reportedly accessed the institution’s internal servers in October 2025. She hacked into two of WSU’s email accounts and used them to send a massive 109,745 scam messages.
She created her messages to mimic official communications and falsely claimed that WSU had terminated degrees or permanently excluded students. Law enforcement officers note that her intentions were twofold: to intentionally tarnish the institution’s reputation while causing emotional havoc on students, and to cause financial disadvantage via deception.
Cyber detectives tracked the egregious activity to Kingston’s and subsequently raided her property. Upon reaching her home, the officers recovered a modified smartphone working as a computer terminal, which Kingston used to breach the bail conditions.
Notably, she appeared in Parramatta Local Court the next day and chose not to apply for bail. So authorities detained her at Amber Laurel Correctional Centre in Emu Plains.
