Lancaster University Hacked by cyber thieves
Students’ studying at Lancaster University had their personal data stolen in a “sophisticated and malicious”[1] phishing attack. Information stolen was also used to create counterfeit voicemails which was released in a statement by the university on Friday. The breach has been reported to police and the Information Commissioner’s office.
The university has stated that they are working on securing their systems and are aware of two breaches. The first breach was undergraduate applicant data for 2019 as well as 2020. The information accessed via these records included name, address, phone number, and email addresses. The second is a “very small”[2] number of students who have had their ID documents accessed. Applicants have been alerted of fraudulent calls as well as those who have had their data accessed by hackers.
A sophisticated phishing attack has caused a breach of university data. This statement explains what’s happened and how to get in touch if you have any concernshttps://t.co/NMvSGrrWT6
— Lancaster University (@LancasterUni) 22 July 2019
Lancaster University has stated that this is now part of an ongoing investigation with law enforcements with no further information at this time.
What is phishing?
Phishing is a form of cybercrime where a hacker poses as a legitimate institution in the form of a text, telephone call or email. The aim is to steal sensitive information from an individual, organisation, or business. This could be identifiable information, passwords, invoices, bank or credit card details which can result in identity theft and or financial loss.
Why would hackers target a university?
Data is gold to cyber criminals and with universities cultivating a hub of personal data as well as the groundwork for experimentations into the latest innovations, they have become a sizable target for hackers. According to the BBC these expensive University research projects were subject to more than 1,000 cyber-attacks last year.[3]
Nick Hillman
Director of the Higher Education Policy institute
“A few unscrupulous foreign governments are keen to access this research, which was vital to future UK economic growth”[4]
John Chapman
Head of security and operations at JISC
“Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat”[5]
Cybercrime in the UK
The UK government has been working to improve the nations cyber security, especially that of the Critical National Infrastructure (CNI). Earlier this year the Joint committee published a report highlighting to the government the growing concerns about the UK’s widening skills gap in the cyber security sector. As well as, the growing number of these attacks and the increasing level of sophistication. The government, as well as businesses and organisations must work to create a training eco-system to support the growing demand for security professionals.