Hackers have accessed the contact details of nearly 47,000 current and past students at Deakin University following a cyber attack.
The university said in a statement it was aware of an unauthorised party accessing a staff member's username, password and information held by a third-party provider.
The provider had been used in the past to send text messages to students.
The breach led to a text message being sent to 9997 students claiming they had received a parcel and were required to "pay customs fees urgently".
Anyone who clicked on the link was taken to a form which asked for additional information including credit card details.
The hacker also downloaded the contact details of 46,980 current and past Deakin students.
The contact details included student name, student ID, student mobile number, email address and special comments. The special comments included recent unit results.
The university became aware of the breach on Sunday.
"Immediate action was taken by Deakin to stop any further text messages being sent to students and an investigation into the data breach was immediately commenced," the university said in a statement.
The university said it would report the breach and be guided by the Office of the Victorian Information Commissioner (OVIC).
"Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach," the statement said.
The university advised students to stay vigilant and contact their financial institution if worried.
"Malicious attacks are becoming more common place, and more difficult for individuals to detect, however we must all remain vigilant," the university said.
"Deakin's Cyber Security team is committed to protecting the personal information of our entire community."
IN OTHER NEWS:
Now just one tap with our new app: Digital subscribers now have the convenience of faster news, right at your fingertips with The Standard:
Sign up for our newsletter to stay up to date.