On Wednesday 29 November 2023 we detected that some compromised Melbourne Polytechnic email addresses had been fraudulently used to send phishing emails to external parties.
The emails were deceptively branded with Australian Government and MyGov logos and requested that recipients verify and update their information by clicking on a link with the title “Verify Your Account”. The link redirected the recipient to a fake MyGov login webpage.
We take this matter very seriously and have launched an investigation to identify the source and extent of the breach. The initial reports indicate a sophisticated coordinated “threat actor” that was able to modify their attack approach to evade detection each time we identified and contained an avenue of attack.
We have also taken immediate steps to secure the compromised accounts, our email system and prevent any further unauthorised access. We are working closely with the relevant authorities and cybersecurity experts to ensure all threat sources have been eradicated and measures are taken to prevent any future recurrences.
We are in the process of notifying all people directly impacted by this incident to provide advice on how to protect their information.
Melbourne Polytechnic is committed to privacy and information security. We apologise for any inconvenience or concern this incident may have caused.