Deakin University has revealed a data breach of almost 47,000 current and past students, along with a ‘smishing’ attempt that compromised a legitimate communications channel to target 10,000 current students.
The Victorian university said it had been targeted in a cyber attack where a single staff member’s login credentials were compromised.
Through the credentials the attacker could access information held by a third-party provider that Deakin pays to forward messages prepared by the university to students via SMS. The smish was a parcel delivery scam that directed students to a webform that sought additional information, such as a credit card, to free a fake parcel from customs.
Also, the attacker was able to go further, downloading the contact details of 46,980 current and past Deakin students.
The university is looking into the incident, including preventing a reoccurrence of the breach.
Secure ISS offers a training solution that assists employees in understanding their security responsibilities and help them become “cyber aware”. To find out more, click here.