Deakin Uni hacked, 10,000 students spammed

Victoria’s Deakin University has been the the subject of a recent cyberattack. 

Hackers used a staff member’s username and password to access student contact data held by an unnamed third-party provider.

Deakin contracts that third-party company to send bona fide text messages to students. 

However, the SMS sent to almost 10 thousand students purported to be from courier company Aramex, and asked the recipients to click on a link to pay customs fees.

Online commentators have noted the irony of a university that offers cybersecurity degrees being a cyber-target.

In addition to the mass spamming incident, Deakin confirms the cyberattack allowed the hackers to download the contact details of 47 thousand current and past Deakin students. 

Those details included the student’s name, their student ID, mobile number, Deakin email address, special comments, and recent results.

A report by the Office of the Victorian Information Commissioner, or OVIC, confirms that Victoria’s universities are increasingly subject to cybersecurity attacks. 

Last year, a cyberattack at rival Victorian university RMIT caused the suspension of new student enrolments there and temporarily halted the processing of staff payroll.

The OVIC says all Victorian universities, including Deakin, have prioritised ICT and cyber security risks. That includes training staff on cybersecurity issues, conducting Privacy Impact Assessments for new projects involving personal information, and having a data breach response plan.

- CyberBeat