Lancaster University students' data stolen by cyber-thieves

  • Published
Lancaster UniversityImage source, IAN TAYLOR/GEOGRAPH
Image caption,

The data was stolen in a "sophisticated and malicious" attack, the university said

The personal data of students and applicants has been stolen in a "sophisticated and malicious" phishing attack at Lancaster University.

Officials said the information had been used to send bogus invoices to undergraduate applicants.

"A very small number" of student records, phone numbers and ID documents were also accessed, it said.

The National Crime Agency (NCA) said the university had suffered a "compromise of its systems".

In a statement, the university said it became aware of a breach on Friday and has been working to secure its systems.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Lancaster University

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Lancaster University

It said the data included names, addresses, phone numbers and emails, linked to students who had applied to join the university in 2019 and 2020.

"We are aware that fraudulent invoices are being sent to some undergraduate applicants," it said.

"At the present time, we know of a very small number of students who have had their record and ID documents accessed."

It said the affected students would be contacted with advice.

Phishing involves attempts to trick web users into handing over sensitive information.

An NCA spokesman said: "A criminal investigation led by the NCA's National Cyber Crime Unit is now under way, and it would not be appropriate to comment further at this stage."

A spokesman for the Information Commissioner's Office said it had received a report from the university and would assess the information provided.

Lawyer Helen Davenport, who advises clients on cyber security, said it was "essential" sectors such as higher education took cyber-security risks "seriously" and put training and software in place to "proactively shield against future attacks".

She said "all eyes" would now be on how the attack had impacted students' data and how the university intended "to guard against something likely to be attempted again".

Failure to do so "could affect the attractiveness of the university to future candidates", she added.

You may also be interested in:

Have you been affected? Contact us at: northwest.newsonline@bbc.co.uk, external

Related internet links

The BBC is not responsible for the content of external sites.