Cyber criminals attack on university
Lancaster University has been subject to a “sophisticated and malicious” phishing attack which has resulted in breaches of student and applicant data.
The university says the matter has been reported to law enforcement agencies and it is now working closely with them. The NCA’s National Cyber Crime Unit has launched a criminal investigation.
In a statement, Lancaster said it was aware of two breaches of data and that information had been used to send fraudulent invoices to some undergraduate applicants.
The university said: “We have alerted applicants to be aware of any suspicious approaches.”
It added that “a very small number” of students have had their record and ID documents accessed. The university has contacted the students involved and advised them what to do.
The university’s statement added: “We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation.
This work of our incident team is on-going as is the investigation by law enforcement agencies.
“It was immediately reported to the Information Commissioner’s Office. Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected.
“This work of our incident team is on-going as is the investigation by law enforcement agencies.”
The university is advising applicants, students and staff to get in contact if they receive any suspicious communications.
Its statement said: “Because this is a live investigation we will not be making any further comment at this stage.”
Phishing involves attempts to trick web users into handing over sensitive information.