Lancaster University Hit By Data Thieves

Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data. The matter has been reported to law enforcement agencies and we are now working closely with them. 

Lancaster University has said they are aware of two breaches of data:

1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.  
2. A breach has also occurred of the student records system and the University says that at the present time they know of a very small number of students who have had their record and ID documents accessed. They are contacting those students to advise them what to do.

A number of UK universities have been hit by cyber-attacks and now Lancaster has reported their attack to the National Crime Agency and the Information Commissioner’s Office.

Lancaster University said it acted as soon as it became aware of breaches of student and applicant data on 19 July 2019 by setting up an incident response team and reporting the matter to the ICO.

A cyber phishing attack, using apparent emails from UK’s Lancaster University has resulted in a large amount of student personal data being stolen. Since the data theft fake invoices have been sent to undergraduates asking for money.
The National Crime Agency (NCA) said the university had suffered a "compromise of its systems".

In a statement, the university said it became aware of a breach on Friday and has been working to secure its systems.
It said the data included names, addresses, phone numbers and emails, linked to students who had applied to join the university in 2019 and 2020.

According to the report sponsored by VMware and Dell EMC, cyber-attacks on UK universities presents an increasing risk to national security, with 93% of university research commissioned by government and almost a third of that relating to national security. Since discovering the breaches, the university said it had focused on safeguarding its IT systems and identifying and advising students and applicants who have been affected.

“This work of our incident team is ongoing, as is the investigation by law enforcement agencies,” the university said in a statement.....We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation."

‘It was immediately reported to the Information Commissioner’s Office. Since 19th July we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.’

Lancaster Univ:         BBC:          Computer Weekly:

You Might Also Read:

Students Blamed For University & College Cyber Attacks:

Fraudsters £350k Spoof University Emails:

 

« Cyberwar: Covert Cyber Attack Campaign Is Underway
Russia Hacked All US State Election Systems »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Spike Reply

Spike Reply

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.