What happened
In July 2022 Deakin University disclosed that the details of about 47,000 current and former students had been accessed after staff credentials to a third-party SMS provider were compromised [dk-itnews], [dk-acs]. Around 9,997 people then received scam text messages. Exposed data included names, student IDs, mobile numbers, university emails and recent unit results.
Current status
Disclosed. The ~47,000 figure is the university’s own, reported to the Victorian privacy regulator (OVIC) [dk-itnews].
Why it matters
A compromised supplier account let attackers both read student data and immediately weaponise it for scam messaging — a fast pivot from breach to harm.