The personal information of 46,980 Deakin University students have been stolen in a data breach, of which almost 10,000 of which received an SMS scam message shortly after.
The breach, which was first discovered by Deakin University on July 10, began when an attacker used a staff member’s username and password to access student information via one of Deakin’s third party providers.
The attacker went on to use the information of 9,997 Deakin students in an SMS phishing campaign, with victims prompted to make payment for a fraudulent postal delivery.
Recipients that opened the links in the SMS were led to a page that requested not only personal details, but credit card information as well.
Any students that followed the malicious link’s requests are now susceptible to attacks such as identity theft and payment fraud.
Universities under fire
Australia’s tertiary sector is no stranger to big cyber attacks, with this incident marking the third major university breach in the last three years.
Education is repeatedly one of the top five industries that reports falling victim to data breaches, according to the Office of the Victorian Information Commissioner’s (OVIC) Notifiable Data Breaches Report.
Professor Matt Warren, Director of the RMIT University Centre for Cyber Security Research and Innovation, said the motivation for the attack was financial, “as the attackers have sought to obtain personally identifiable information including credit card details that could be…
