The University of Newcastle has apologised to thousands of postgraduate students who received an email on Saturday morning that warned they may be a risk of failing because they had not completed their annual progress report.
The university has blamed an IT glitch for triggering the email and has ruled out the involvement of hackers.
About 3700 students received a personalised email from the Graduate Research, Research and Innovation Division claiming they had not submitted their report by November 30 last year.
It went on to warn that their failure to provide the report meant the Dean of Graduate studies had the option of terminating their candidature.
"The show cause process will commence if you fail to respond within 24 hours of this notification," the email said.
A follow-up email sent on Monday said the emails were sent while an IT system was being decommissioned.
"The error has generated understandable confusion and concern amongst higher degree research candidates and supervisors. The university sincerely apologises for this. This is not reflective of the standard we work hard to maintain at the university," the follow-up email said.
A university spokeswoman said the university acted swiftly to correct the error.
"As soon as we realised the error had occurred, we contacted recipients to apologise and to advise them to ignore the email, but we understand how unsettling it might have been for some students," she said.
"We have conducted a thorough check of our systems and can rule out external factors or a security breach. We have also, of course, taken steps to ensure the situation will not occur in the future."
But one student who received the email said he was not completely convinced by the university's explanation.
"There's something that doesn't add up," he said.
"Sure it may have been a mistake but with all of the concern about foreign incursion it certainly rang alarm bells with me."
The Australian National University was the victim of international hackers who cracked into the personal records of 200,000 students and staff last October.
A report on the attack found the hacking team was likely made of about 10 to 15 people who worked around the clock to actively cover their tracks and build custom malware from inside the university's network.
The hack began with an innocuous email to a senior staff member.
While the recipient didn't click on anything they shouldn't have, previewing an attachment allowed hackers to steal a password. They then stumbled upon an old server months away from being decommissioned.
From there they built a base of operations, installing "shadow infrastructure" to cloak their movements as they sought out more secure databases.
