Select Page

Incident: Deakin University reveals breach of 47,000 students’ details | iTnews

Incident: Deakin University reveals breach of 47,000 students’ details | iTnews

Australian Cyber Attack, 13 July 2022

Deakin University reveals privacy breach of 47,000 students’ details

Subset targeted with smish sent via officially-used SMS channel.

Company Report: Deakin has been targeted in a cyber attack this week – here’s what happened and what you should do
Source: Deakin University reveals breach of 47,000 students’ details | iTnews

Related incidents from Victoria and the Education and Training sector..

Deakin University has revealed a data breach impacting almost 47,000 current and past students, along with a ‘SMiShingSMiShing or smish is a type of phishing where the message is sent via SMS text message rather than email.
’ attempt that compromised a legitimate communications channel to target 10,000 current students.

On Sunday 10 July, Deakin University became aware of an incident in which a staff member’s username and password was hacked and used by an unauthorised person to access information held by a third-party provider.

This third-party has been engaged by Deakin to forward messages prepared by the University to students via SMS. The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9,997. The smish was a parcel delivery scam that directed students to a webform that sought additional information, such as a payment card, to free a fake parcel from customs.

However, the attacker was able to go further than the smish campaign, and download “the contact details of 46,980 current and past Deakin students.”

“The contact details included student name, student ID, student mobile number, Deakin email address and special comments,” it said.

“The special comments included recent unit results.”

Deakin will report the breach, and be guided by, the Office of the Victorian Information Commissioner (OVIC).

Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This