Lancaster University hit by double data breach

The sophisticated phishing attack has affected prospective undergraduates and a number of current students

Hacking

Personal information belonging to students has been stolen as part of a "sophisticated and malicious" cyber attack on Lancaster University, with the institution revealing it has sustained two breaches of data.

Attackers gained access to data records for undergraduate applications for 2019 and 2020 entry, including information like names, addresses, telephone numbers and email addresses, Lancaster University has revealed.

Some undergraduate applicants were sent fraudulent invoices as a result of this breach after their details were acquired, with those affected informed by the university to remain vigilant.

As part of the wider attack on the university's systems, the cyber criminals also breached the university's student records system and compromised the record and ID documents of "a very small number of students".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Lancaster University detected the phishing attack on Friday and established an incident team to handle the fallout.

The organisation also reported the incident to the Information Commissioner's Office (ICO), which confirmed it is assessing the information the university has provided.

"Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected," the university added in a statement. "This work of our incident team is ongoing as is the investigation by law enforcement agencies."

Ed Macnair, CEO of cyber security firm Censornet, said the news shows just how targeted cybercriminals are becoming in their methods, and how any and all sectors are now at constant risk.

"This kind of data allows criminals to carry out attacks like credential stuffing, where hackers attempt to log in to a number of an individual's accounts with the intent to access card details that have been linked to certain accounts," he said.

"Affected students should immediately change their passwords and ensure that they have unique passwords for each account they own. This attack highlights how absolutely any organisation is now vulnerable to being hacked, so more vigilance, education, and sophisticated protection is required."

Advertisement - Article continues below

IT Pro approached the university for further comment but a spokesperson declined to comment citing active police investigations.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020