10,000 Deakin University students caught up in cyber attack

10,000 Deakin University students caught up in cyber attack

Deakin University (via Facebook).

Around 10,000 Deakin University students have been embroiled in a cyber attack after a hacker gained access to the institution’s internal systems and targeted individuals with scam text messages.

In a blog post yesterday, Deakin University said on Sunday 10 July it became aware of the incident which also saw the cyber criminal download the contact details of 46,980 current and past students including their names, student IDs, mobile numbers, Deakin email addresses and even recent unit results.

The texts, sent to 9,997 students, came about after a staff member’s username and password was obtained by a hacker and used to access information held by a third-party provider engaged by Deakin to forward messages prepared by the University to students by SMS.

The students were then sent an SMS, as if from Deakin, with the following text:

Screenshot of scam text sent to Deakin University students

According to the university, anyone who clicked on the link was then taken to a form which asked for additional information, including credit card details.

“Immediate action was taken by Deakin to stop any further SMS messages being sent to students and an investigation into the data breach was immediately commenced,” Deakin University said.

“Deakin will report the breach, and be guided by, the Office of the Victorian Information Commissioner (OVIC).

“Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach.”

Those who received the SMS have been asked by the University to stay vigilant as further spam attempts to access private data may be made.

Further, those who clicked the link in the text message and sent money or shared banking details have been asked to contact their financial institution immediately.

Other actions that can be taken by concerned students include changing passwords and reaching out to the University for tailored assistance.

“Malicious attacks are becoming more common place, and more difficult for individuals to detect, however we must all remain vigilant,” Deakin University said.

“Deakin’s Cyber Security team is committed to protecting the personal information of our entire community.”

The incident comes amid a heightened environment for targeted attacks by cyber criminals, with Australians robbed of more than $2 billion by scammers in 2021.

According to the Australian Competition and Consumer Commission’s (ACCC) latest Targeting Scams report, this record amount stolen was recorded despite government, law enforcement and the private sector disrupting more scam activity than ever before.

Reported losses to all organisations totalled almost $1.8 billion, but as one-third of victims do not report scams the ACCC estimates actual losses were well over $2 billion.

Investment scams were the highest loss category ($701 million) in 2021, followed by payment redirection scams ($227 million), and romance scams ($142 million).

“Scam activity continues to increase, and last year a record number of Australians lost a record amount of money,” ACCC deputy chair Delia Rickard said.

“Scammers are the most opportunistic of all criminals: they pose as charities after a natural disaster, health departments during a pandemic, and love interests every day.”

“The true cost of scams is more than a dollar figure as they also cause serious emotional harm to individuals, families, and businesses.”

Companies that fail to have adequate systems in place to protect consumers from cybersecurity risks are also on notice. 

In May this year RI Advice was ordered to repay $750,000 in legal fees to the corporate watchdog after the Federal Court determined the former ANZ (ASX: ANZ) subsidiary breached its license obligations by failing to have adequate systems in place to manage cybersecurity risks.

The judgement was a first in Australian legal history and came after nine cybersecurity incidents occurred at RI Advice authorised representatives' practices between June 2014 and May 2020.

“These cyber-attacks were significant events that allowed third parties to gain unauthorised access to sensitive personal information,” Australian Securities and Investment Commission (ASIC) deputy chair Sarah Court said.

“It is imperative for all entities, including licensees, to have adequate cybersecurity systems in place to protect against unauthorised access."

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

SMEs urged to consider business insurance to mitigate financial risks
Partner Content
A single “bad luck” incident could cause financial disaster for many Australian sma...
Advertisement

Related Stories

Bailador tops up investment in volunteer management software scale-up Rosterfy

Bailador tops up investment in volunteer management software scale-up Rosterfy

Privately held shares in global volunteer management platform Roste...

Quantum computing group Q-CTRL secures $87m top-up for a record $167m Series B capital raise

Quantum computing group Q-CTRL secures $87m top-up for a record $167m Series B capital raise

Sydney-based quantum computing group Q-CTRL has expanded its Series...

Federal Court shows Qantas no mercy with $100m fine for selling cancelled flight tickets

Federal Court shows Qantas no mercy with $100m fine for selling cancelled flight tickets

The Federal Court has shown Qantas Airways no mercy for selling tic...

Salter Brothers tops up hotel portfolio with acquisition of Bannisters group’s three NSW properties

Salter Brothers tops up hotel portfolio with acquisition of Bannisters group’s three NSW properties

Salter Brothers has topped up its $2.5 billion hotel portfolio thro...