Deakin University suffered a data breach that affected nearly 47,000 current and past students, with the attacker carrying out a smishing attempt as well, the university revealed yesterday.
The university became aware of an incident on Sunday 10 July in which a staff member’s username and password were hacked by an unauthorised person to access information held by a third-party provider.
The Victorian university was using the third party to forward messages prepared by the university to students via SMS. The information accessed by the attacker was then used to send an SMS, pretending to be from Deakin to 9,997 students.
The smish was a parcel delivering scam containing a link that when clicked on, took users to a web form asking for additional information including credit card details.
Additionally, the attacker was able to download the contact details of 46,980 current and past Deakin students. The details included students’ names, mobile numbers, university email addresses, and “special comments” which include recent exam results.
“Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again,” said the university.
RELATED RESOURCE
The Total Economic Impact™ of IBM Security MaaS360 with Watson
Cost savings and business benefits enabled by MaaS360
Deakin said it took immediate action to stop any further SMS messages being sent to students and an investigation into the data breach was launched.
The university said it would report the breach and be guided by the Office of the Victorian Information Commissioner (OVIC). It will also work with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of the breach.
Academic institutions are battling a war on three fronts, according to experts. This includes cyber warfare, a variety of threats targeting both students and staff, and a complicated and fluid technology environment.
This isn’t the first Australian university to suffer a cyber attack, as the nation’s top-ranked university confirmed it suffered a huge data breach in 2019, leaking students’ bank and passport details.
The Australian National University (ANU) found that the records stolen belonged to students dating back 19 years. The information included names, email addresses, payroll information, bank account details, and more. This was the second attack it experienced in a year, the first occurred in July 2018 and reportedly was carried out by a group operating out of China.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Latitude Financial's data policies questioned after more than 14 million records stolenNews Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach responseCase Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
-
Australia commits to establishing second national cyber security agencyNews The country is still aiming to be the most cyber-secure country in the world by 2030
-
Medibank bleeds $26 million in cyber costs following hackNews The company believes this figure could rise to $45 million for the 2023 financial year
-
TikTok's two new European data centres to address data protection concernsNews The company is under pressure to prove its user data isn’t being accessed by the Chinese state
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customersNews It is the third cyber attack on a major Australian telco since October
-
Telstra blames IT blunder for leak of 130,000 customer recordsNews Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
