Deakin Uni cyberattack reveals data breach of 47,000 students’ details

Share

Deakin University has revealed a massive data breach after it had been targeted in a recent cyberattack, which has compromised the contact details of almost 47,000 current and past students.  

The incident at the Victorian university occurred after a hacker was able to access a staff member’s username and password and information held by a third-party provider.  

This allowed the hacker to access information held by the third-party provider, which the university uses to forward their messages to students via SMS.  

“The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9997 Deakin students,” the university said in a statement.  

Students of the university received an SMS claiming they had a parcel available, directing them to a webform that sought additional information, such as a payment card, to free a fake parcel from customs. 

The university said that its staff became aware of the cyberattack incident on Sunday, and that it had used the third-party provider in the past to send text messages to students.  

While the university took “immediate action” to pause its use of the communications channel, the attacker was able to download the contact details of 46,980 current and past Deakin students. 

Data such as the students’ names, student IDs, mobile numbers, email addresses and comments which included recent unit results were acquired by the hacker. 

“Immediate action was taken by Deakin to stop any further SMS messages being sent to students and an investigation into the data breach was immediately commenced,” the university said.  

The university is investigating the incident and has engaged with the Office of the Victorian Information Commissioner (OVIC). It is also working with the third-party provider to improve cybersecurity.    

The cyberattack on the university comes after the Australian Communication and Media Authority on Tuesday introduced new rules protecting Australians from scam texts.

Telecommunication companies are now required to identify, trace and block text scams, and publish information to help their customers manage and report scams.

With AAP