Lancaster University hit by cyber attack, hundreds of students' personal data stolen

Lancaster University has been targeted by hackers who have stolen confidential data on hundreds of undergraduates.

Tuesday, 23rd July 2019, 8:30 am
Updated Tuesday, 23rd July 2019, 9:30 am
Lancaster University has been targeted by hackers who have stolen confidential data on hundreds of undergraduates and applicants

The full scale of the cyber attack was revealed yesterday (July 22), when university chiefs confirmed that hackers had breached IT systems and accessed student records.

The university said it is the victim of a 'sophisticated and malicious phishing attack', which is being investigated by police and anti-fraud agencies.

The university said it first became aware that its servers had been hacked on Friday (July 19) and said it acted "as soon [we] became aware of the breach".

Sign up to our daily newsletter

The i newsletter cut through the noise

It said it regretted that the breach has led to fraudulent invoices being sent to some undergraduate applicants demanding large sums of money.

Did you know? Lancaster University is among a growing number of UK universities offering degrees in cyber security.

Its Masters degree is accredited by GCHQ - which oversees the UK's intelligence and security operations - and deals with signals intelligence, communications security, code-breaking and surveillance.

Read More

Read More
Lancashire nursery schools could be forced to close by financial pressures

What has the university said?

A spokesman for the university said: "Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data.

"The matter has been reported to law enforcement agencies and we are now working closely with them.

"We acted as soon as we became aware that Lancaster was the source of the breach on Friday (July 22) and established an incident team to handle the situation.

"It was immediately reported to the Information Commissioner’s Office.

"Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected.

"This work of our incident team is ongoing as is the investigation by law enforcement agencies."

'Ransomware' attacks have targeted a number of higher education institutions in the United States recently, in which hackers have demanded huge payouts in Bitcoin to restore access to IT systems and the safe return of confidential data.

Lancaster University did not confirm whether the hackers have made any further demands following the breach.

It said it would not be making any further comments at this stage because a live investigation is underway.

But the university has confirmed that two significant breaches did occur, in which confidential student data has been accessed.

What type of data has been stolen by the hackers?

1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed.

This includes information such as name, addresses, telephone numbers, and email addresses.

All affected applicants have been alerted and made aware of any suspicious approaches.

2. A breach has also occurred in the student records system.

The university admitted that "a very small number of students" have had their student record and ID documents accessed.

The university is in the process of contacting the students and are advising the students on what to do.

Applicants, students and staff who have received any suspicious communications should contact the university immediately on 01524 510044.

Alternatively, you can contact the university via email: [email protected] or phone: