Skip to navigation Skip to content
Hands resting on laptop keyboard

12 July 2022

Deakin has been targeted in a cyber attack this week – here’s what happened and what you should do

UPDATED 14 July 2022

Deakin University was recently targeted in a data security breach earlier this week. Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again.

What happened?

On Sunday 10 July, Deakin University became aware of an incident in which a staff member’s username and password was hacked and used by an unauthorised person to access information held by a third-party provider.

This third-party has been engaged by Deakin to forward messages prepared by the University to students via SMS. The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9,997 Deakin students with the following text:

Screenshot of SMS scam

Anyone who clicked on the link was taken to a form which asked for additional information including credit card details.

In addition to sending the SMS, the unauthorised person downloaded the contact details of 46,980 current and past Deakin students.

The contact details included student name, student ID, student mobile number, Deakin email address and special comments. The special comments included recent unit results. 

Immediate action was taken by Deakin to stop any further SMS messages being sent to students and an investigation into the data breach was immediately commenced.

What is Deakin doing now?

Deakin will report the breach, and be guided by, the Office of the Victorian Information Commissioner (OVIC).

Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach.

What do I do now?

If you received this SMS message or have been contacted by Deakin to advise you are part of this breach, please read the following information.

Deakin is working with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused. IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers please complete an online Get Help form at or call 1800 595 160 (Monday to Friday 8am-5pm AEST). When engaging IDCARE please use the referral code DUVL and your Deakin email address.

Other things you can do:

Malicious attacks are becoming more common place, and more difficult for individuals to detect, however we must all remain vigilant. Deakin’s Cyber Security team is committed to protecting the personal information of our entire community.

How to stay safe online

We will continue to take an educative and proactive approach to cyber security and continue to strengthen our systems to prevent future incidents. 

How Deakin communicates with students

As per Deakin’s student communication and policy and procedure, the means for communicating with current students are:

Deakin will never send a text message or email demanding money.  Any requests for payment would be done via Deakin’s standard payment methods. If in doubt please contact Student Central.

Where to get more information or support

You can contact Student Central in the first instance with any questions or concerns, and we encourage you to visit Deakin’s Cybersecurity blog for more information. DUSA’s financial counselling service may also be able to help you.

The following external websites provide helpful resources and information about scams, including advice on what you should do if you suspect you have been scammed or you’re in need of financial assistance.   

back to top