Deakin has been targeted in a cyber attack this week – here’s what happened and what you should do
UPDATED 14 July 2022
Deakin University was targeted in a data security breach earlier this week. Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again.
On Sunday 10 July, Deakin University became aware of an incident in which a staff member’s username and password were hacked and used by an unauthorised person to access information held by a third-party provider.
This third party has been engaged by Deakin to forward messages prepared by the University to students via SMS. The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9,997 Deakin students with the following text:
Anyone who clicked on the link was taken to a form which asked for additional information including credit card details.
In addition to sending the SMS, the unauthorised person downloaded the contact details of 46,980 current and past Deakin students.
The contact details included student name, student ID, student mobile number, Deakin email address and special comments. The special comments included recent unit results.
Immediate action was taken by Deakin to stop any further SMS messages being sent to students and an investigation into the data breach was immediately commenced.
What is Deakin doing now?
Deakin will report the breach to, and be guided by, the Office of the Victorian Information Commissioner (OVIC).
Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach.
What do I do now?
If you received this SMS message or have been contacted by Deakin to advise you are part of this breach, please read the following information.
Deakin is working with IDCARE, Australia’s national identity and cyber support community service. They have expert Case Managers who can work with you in addressing concerns in relation to personal information risks and any instances where you think your information may have been misused. IDCARE’s services are at no cost to you. If you wish to speak with one of their expert Case Managers please complete an online Get Help form at www.idcare.org or call 1800 595 160 (Monday to Friday 8am-5pm AEST). When engaging IDCARE please use the referral code DUVL and your Deakin email address.
Other things you can do:
- Stay vigilant. You may receive further spam attempts to get your private data or access to your devices.
- If you’re worried, contact your financial institution. If you have clicked the link and sent money, shared your banking details or are concerned your banking details may have been subsequently breached, contact your financial institution immediately.
- Reach out for help. Deakin will support any students who may have fallen victim to this incident. Please contact Student Central to discuss your individual situation so that we can offer specific support and referral services.
- Change your password. Instructions for changing your Deakin password can be found in Username and Password support.
Malicious attacks are becoming more commonplace and more difficult for individuals to detect; however, we must all remain vigilant. Deakin’s Cyber Security team is committed to protecting the personal information of our entire community.
How to stay safe online
- Always think before you click. Hover over links (or tap and hold on mobile devices) before you click on them to make sure they’re going to take you to a legitimate site.
- Be wary of unsolicited contact. If you are contacted by a company or person unexpectedly, requesting information not normally requested, report or delete these messages.
- Use the Phish Alert button. Report any suspicious emails to Digital Services so that they can assess the material and take the necessary steps to protect you and Deakin.
We will continue to take an educative and proactive approach to cyber security and continue to strengthen our systems to prevent future incidents.
How Deakin communicates with students
As per Deakin’s student communication policy and procedure, the means for communicating with current students are:
- Student emails will be the primary form of contact where we need to communicate administrative, enrolment and student service/support information.
- Phone calls and/or emails will be used to provide information to current students who have been individually and/or specifically identified as belonging to a targeted initiative (e.g. Student newsletter, Orientation, Priority Student Program).
- The University’s approved online student portal (DeakinSync with its embedded information channels and communication functionality).
- Text messages to mobile devices will be used for engagement with current students where a student opts in to this service and to communicate critical or emergency information.
- Postal mail will be used to send information to current and prospective students where required by legislation or to send physical items.
Deakin will never send a text message or email demanding money. Any requests for payment would be done via Deakin’s standard payment methods. If in doubt please contact Student Central.
Where to get more information or support
You can contact Student Central in the first instance with any questions or concerns, and we encourage you to visit Deakin’s Cybersecurity blog for more information. DUSA’s financial counselling service may also be able to help you.
The following external websites provide helpful resources and information about scams, including advice on what you should do if you suspect you have been scammed or you’re in need of financial assistance.