Lancaster University Hit By Data Thieves

Uploaded on 2019-07-29 in TECHNOLOGY--Hackers, FREE TO VIEW

Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data. The matter has been reported to law enforcement agencies and we are now working closely with them. 

Lancaster University has said they are aware of two breaches of data:

1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.  
2. A breach has also occurred of the student records system and the University says that at the present time they know of a very small number of students who have had their record and ID documents accessed. They are contacting those students to advise them what to do.

A number of UK universities have been hit by cyber-attacks and now Lancaster has reported their attack to the National Crime Agency and the Information Commissioner’s Office.

Lancaster University said it acted as soon as it became aware of breaches of student and applicant data on 19 July 2019 by setting up an incident response team and reporting the matter to the ICO.

A cyber phishing attack, using apparent emails from UK’s Lancaster University has resulted in a large amount of student personal data being stolen. Since the data theft fake invoices have been sent to undergraduates asking for money.
The National Crime Agency (NCA) said the university had suffered a "compromise of its systems".

In a statement, the university said it became aware of a breach on Friday and has been working to secure its systems.
It said the data included names, addresses, phone numbers and emails, linked to students who had applied to join the university in 2019 and 2020.

According to the report sponsored by VMware and Dell EMC, cyber-attacks on UK universities presents an increasing risk to national security, with 93% of university research commissioned by government and almost a third of that relating to national security. Since discovering the breaches, the university said it had focused on safeguarding its IT systems and identifying and advising students and applicants who have been affected.

“This work of our incident team is ongoing, as is the investigation by law enforcement agencies,” the university said in a statement.....We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation."

‘It was immediately reported to the Information Commissioner’s Office. Since 19th July we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.’

Lancaster Univ:         BBC:          Computer Weekly:

You Might Also Read:

Students Blamed For University & College Cyber Attacks:

Fraudsters £350k Spoof University Emails:

 

« Cyberwar: Covert Cyber Attack Campaign Is Underway
Russia Hacked All US State Election Systems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Association of anti Virus Asia Researchers (AVAR)

Association of anti Virus Asia Researchers (AVAR)

AVAR's mission is to prevent the spread of and damage caused by malicious software, and to develop cooperative relationships among anti-malware experts in Asia.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

vpnMentor

vpnMentor

We started vpnMentor to offer users a really honest, committed and helpful tool when navigating VPNs and web privacy.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.