Lancaster University – which offers a GCHQ-accredited degree in security has confirmed that it was “subject to a sophisticated and malicious phishing attack”, resulting in the leak of around 12,500 applicants’ personal data.
This was revealed in a statement published by the university on 22 July. The scope of the breach included records of applicants for the years 2019 and 2020 along with data of some current students. The data included names, addresses, phone numbers and email addresses. The university admits that fraudulent invoices had been sent to some undergraduate applicants as a result of the breach and warns those still unaffected to be vigilant.
As part of the attack on the university’s systems, the hackers also breached the university’s student records system and compromised the records and ID documents of “a very small number of students”.
Lancaster University became aware of the breach on Friday and established an incident team to handle the fallout. The incident was also reported to the Information Commissioner’s Office (ICO).