Deakin University

The Latest

2 August 2022: Deakin University announced a data breach and exposed personally identifiable information (PII), which includes names, mobile numbers and email addresses of almost 47,000 current and past students after tracing an intrusion from a hacked account of one of the institution’s staff members. Following this breach, almost 10,000 students also received spam text messages that asked for their credit card information to process customs fees on a package. This type of mobile spear phishing attack is known as ‘smishing’. The university, however, has claimed that it has already put an end to the attack from reaching more students and alumni.

Why it’s Important

The Australian Cyber Security Centre’s ACSC Annual Cyber Threat Report revealed that the education and training sector is among the top areas that have experienced cyber security incidents in 2020-2021. Some of the most notable data breaches in recent years include:

Australian National University’s spear phishing attack that stole sensitive information dating as far as 19 years from more than 200,000 students in 2019.
In 2021 Swinburne University of Technology confirmed that personal information of its 5,200 staff and 100 students were exposed after hackers infiltrated an event registration information webpage of the university.
More than 50,000 Australian students who have installed the Get app (formerly known as Qnect) that facilitates payments, have exposed their personal information after a Reddit user discovered their names, email addresses, birthdates and Facebook IDs online.

Deakin University’s case is a lesson on ensuring that a cyber security response plan is constantly reviewed to generate a quick, comprehensive response at the enterprise level with a sense of urgency. It should also reflect accountability and promote clear communication to their stakeholders. While cyber incidents never evolve according to plan, having no plan creates additional duress for decision makers in the organisation, possibly lowering the quality of their decision making.

Who’s impacted

CIO
Security teams
IT teams

What’s Next?

Begin a campaign to educate all staff on the importance of data protection to the organisation.
Conduct a post-implementation review of your incident response plan (IRP) as soon as possible while the memories of what worked and what can be done better are in the minds of all participants.

Additional Reading

IBRS Advisor Team

28 July 2022

Deakin University

VENDORiQ: Deakin University Suffers from Data Breach and Smishing Attack

Streams

Other Practices

In the News

The Pause Breakfast - InnovationAus.com 23 May 2022

Atlassian’s $4b rival plans Aussie assault after big money funding - Australian Financial Review 1 November 2021

The economic argument for accelerated SaaS migration - InnovationAus 25 October 2021

‘Massive’ $224 billion boost to Australian economy from investment in digital transformation: report - iTWire 2 August 2021

State and Federal governments to unlock $62B ‘digital dividend’ by embracing software as a service (SaaS): research - Government News 29 August 2021

Cloud ‘fast track’ will transform economy - The Australian 2 August 2021

Tech sector seeks more from PM’s software and digital economy push - Australian Financial Review 6 May 2021

IBRS reports 'no new normal', for ICT to remain relevant it 'must embrace the fourth-wave of ICT and the imperative of change' - ITWire 3 March 2021

Already a subscriber?

Search Advisory Papers

Deakin University

Streams

Other Practices

In the News