Student data accessed in ‘malicious’ cyber attack
The phishing attack at Lancaster University is being investigated.
Student data has been stolen in a “sophisticated and malicious” cyber attack on a university.
Records and ID documents of some Lancaster University students were accessed in the phishing attack and fraudulent invoices were sent to undergraduate applicants, a spokesman for the university said.
In a statement, the university said it became aware of the breach on Friday and set up an incident team to deal with the situation.
It said: “Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data.
A sophisticated phishing attack has caused a breach of university data. This statement explains what’s happened and how to get in touch if you have any concernshttps://t.co/NMvSGrrWT6— Lancaster University (@LancasterUni) July 22, 2019
“The matter has been reported to law enforcement agencies and we are now working closely with them.”
Data from undergraduate applicants for 2019 and 2020, including their names, addresses, telephone numbers and email addresses, was accessed and fake invoices sent to some potential students.
The student records system was also breached in the attack and the university is contacting a “very small number” of students who have had record and ID documents accessed.
The university spokesman said: “Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected.
“This work of our incident team is ongoing, as is the investigation by law enforcement agencies.”