Deakin University has confirmed it was the victim of a cyberattack, with the personal information of 46,980 current and past students now leaked into the wild.
According to Deakin, the information was accessed via software the uni uses. A staff member’s username and password was ‘hacked’ and used by an unauthorised person to access information held by a third-party provider on 10 July 2022.
This gave them access to the contact details of 46,980 current and past Deakin students. The contact details included student name, student ID, student mobile number, Deakin email address and comments such as recent unit results.
Deakin said the person did download all of this data.
The unauthorised person then began sending messages, pretending it was Deakin.
“This third-party has been engaged by Deakin to forward messages prepared by the University to students via SMS. The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9,997 Deakin students,” the uni explained.
It said that anyone who clicked the link was taken to a form which asked for additional information including credit card details.
With the breach only occurring Sunday, Deakin said on Tuesday that an investigation was immediately commenced and that it’s working with the Office of the Victorian Information Commissioner (OVIC) on the matter.
“Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again,” it wrote.
If you’re affected by the breach, or you received the SMS message, first thing you should do is change your password. Might be worth giving the heads up to your financial institution, too, so they can monitor for any suspicious activity. Also, don’t click links you don’t know aren’t spam. Reach out to Deakin if you need something a little more specific – you can also contact Student Central.