Major Australian university is HACKED with personal details of past and present students used to send malicious text messages
- Personal details of thousands of Deakin University students stolen by hacker
- Almost 10,000 scam texts sent out to students purporting to from university
- Text told students they owed fees on a delivery asked for credit card details
- Hacker used staff username and password to access the student database
A hacker has stolen personal details of nearly 47,000 past and present Deakin University students and used them to send out scam text messages.
Almost 10,000 students received the text, which purportedly came from the Melbourne university.
The text read: ‘Your parcel is available, you have to pay customs fees urgently on the link below.’
The scam text sent out to thousands of Deakin University students after their personal details were stolen by a hacker
If students clicked on the link they were asked to provide credit card details.
The hacker used a university staff member’s username and password on Sunday to access student data information held by a third-party provider that the university contracts to contact students.
The hacker stole the names, students numbers, mobile numbers, email addresses and even recent unit results of 46,980 past and present Deakin University students
As well as mobile numbers the hacker was able to steal student numbers, email addresses and even recent unit results of 46,980 past and present students.
The scam texts went out to 9,997 people, who have been advised to contact their financial institution immediately if they provided credit card numbers.
The university said it took ‘immediate action’ to stop the texts being sent and has apologised for the incident
The university said it was also offering help through it support services hub Student Central.
In a blog post a spokesperson for the university said urgent measures had been taken once the breach had been discovered.
The hacker was able to use a staff member’s username and password to get into the data kept by a third-party provider the university uses to contact students
‘Immediate action was taken by Deakin to stop any further SMS messages being sent to students and an investigation into the data breach was immediately commenced,’ the spokesperson wrote.’
‘Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again.’
Deakin has also reported the breach to the Office of the Victorian Information Commissioner.
The Australian Communication and Media Authority on Tuesday introduced new rules protecting Australians from scam texts.
Telecommunication companies are now required to identify, trace and block text scams, and publish information to help their customers manage and report scams.
Anyone who has fallen victim to a telecommunications scam is urged to report it, which can be done at the Australian Competition and Consumer Commission website Scamwatch.