Lancaster University Hit By Data Thieves

Uploaded on 2019-07-29 in TECHNOLOGY--Hackers, FREE TO VIEW

Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data. The matter has been reported to law enforcement agencies and we are now working closely with them. 

Lancaster University has said they are aware of two breaches of data:

1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.  
2. A breach has also occurred of the student records system and the University says that at the present time they know of a very small number of students who have had their record and ID documents accessed. They are contacting those students to advise them what to do.

A number of UK universities have been hit by cyber-attacks and now Lancaster has reported their attack to the National Crime Agency and the Information Commissioner’s Office.

Lancaster University said it acted as soon as it became aware of breaches of student and applicant data on 19 July 2019 by setting up an incident response team and reporting the matter to the ICO.

A cyber phishing attack, using apparent emails from UK’s Lancaster University has resulted in a large amount of student personal data being stolen. Since the data theft fake invoices have been sent to undergraduates asking for money.
The National Crime Agency (NCA) said the university had suffered a "compromise of its systems".

In a statement, the university said it became aware of a breach on Friday and has been working to secure its systems.
It said the data included names, addresses, phone numbers and emails, linked to students who had applied to join the university in 2019 and 2020.

According to the report sponsored by VMware and Dell EMC, cyber-attacks on UK universities presents an increasing risk to national security, with 93% of university research commissioned by government and almost a third of that relating to national security. Since discovering the breaches, the university said it had focused on safeguarding its IT systems and identifying and advising students and applicants who have been affected.

“This work of our incident team is ongoing, as is the investigation by law enforcement agencies,” the university said in a statement.....We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation."

‘It was immediately reported to the Information Commissioner’s Office. Since 19th July we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.’

Lancaster Univ:         BBC:          Computer Weekly:

You Might Also Read:

Students Blamed For University & College Cyber Attacks:

Fraudsters £350k Spoof University Emails:

 

« Cyberwar: Covert Cyber Attack Campaign Is Underway
Russia Hacked All US State Election Systems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

DigitalXForce

DigitalXForce

DigitalXForce is the Digital Trust Platform for the New Era – SaaS based solution that provides Automated, Continuous, Real Time Security & Privacy Risk Management.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.