A known issue exists which enables derestricted user administrators to remove in scope users from groups outside their scope when performing a bulk update. This does not enable a User administrator to modify user's who are not within their scope but does enable them to make changes beyond that expected. Additionally, derestricted user administrators can create new groups, which is beyond the scope of this role.
You are advised not to derestrict the User administrator role at this stage if this is a risk to your organisation. This issue does not effect restricted user administrators (which is the default setting).
Please see the Explained: The User Administrator role article for further information on restricted and derestricted user administrators.