Data stolen in cyber breach at Lancaster University

Lancaster University has experienced a cyber-attack that has affected potential applications and stolen student’s information.

On the website, the university says an attack happened on Friday in which they have been “subject to a sophisticated and malicious phishing attack”.

Hackers stole information like names, addresses, dates of birth and email addresses which were used to send fake invoices to.

Who was affected?

The institution has not said how many people are involved in total, but some of those victimised were undergraduate students applying for this year’s autumn entry to the university.

Current university students have also been targeted in a second breach as education records and ID documents were also been stolen from a “small number” of learners.

A targeted but unsophisticated attack

Contradicting the university’s statement, senior director of strategy at SIEM provider, Exabeam, Richard Cassidy, has commented that the attack was targeted, but was ‘by no means sophisticated’.

“The techniques used are a “tried and tested” favourite of almost all cyber criminal (and nation state) groups,” Cassidy said.

He continued: “Many Universities targeted by pervious campaigns (especially those that were linked to nation state groups in 2018) run GCHQ approved cyber security BSc/MSc’s. Speculation is always a delicate game, but if we consider the TTPs (techniques, tactics and procedures) of nation state groups, it could be part of a much wider mission to gain insights that would better serve more sophisticated malware and targeted attacks in future.”

Cassidy added that organisations should educate their employees about phishing attacks to prevent this from further happening.  He said, “Users need to be taught how to remain vigilant and to apply the “if in doubt, there is no doubt” rule in reporting suspicious communication – be it via e-mail, social media or other,”

Handling the situation

The university has spoken about the incident on the website, saying: “We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation. It was immediately reported to the Information Commissioner’s Office. Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected.”

Lancaster University is working with law enforcement to try and find the culprits and that those affected have been contacted with advice.



Related Posts