The Victorian university said they suffered a security breach earlier this week in which an unauthorized person hacked a staff members login to obtain student details.
A SMS was sent out to almost 10,000 students detailing that they had a parcel to collect from Aramex and once they clicked on the link were asked to provide their credit card details.
Deakin University said the hacker also downloaded the information of 46,980 students which included their name, student ID, mobile number, and email address.
Assessment and unit marks were also obtained with the education provider saying that they’ve put a stop to the text messages and opened an investigation.
“Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again,” they said.
“Malicious attacks are becoming more common place, and more difficult for individuals to detect, however we must all remain vigilant. Deakin’s Cyber Security team is committed to protecting the personal information of our entire community.”
They’ve said that the breach will be reported to the Office of the Victorian Information Commissioner and that student should be aware and know the ways in which the university contacts them.
Emails, phone calls, online student portals and postal are the most common forms of communication they said, and that text messages will only be sent if this is an option students approve.
It’s unknown whether any student fell victim to the scam but it’s an occurrence that happens quite often.
Last year, Swinburne University suffered a data breach which published details of over 5000 staff and 100 students on the internet. It was found the data came from an event registration page which had contact details and names of potential attendees.
In previous years Australia National University, Australian Catholic University and the University of Tasmania also had mass data breaches which affected thousands of people.