InfoSec / Cyber

Cyber attack in red text on a computer screen with other random computer text

Cyber Attack: Manchester University

Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker.  A statement was made on their website by Patrick Hackett, Registrar, Secretary and Chief Operating Officer:

"Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house experts and established expert external support are working around the clock to resolve this incident. We are working to understand what data have been accessed and will update you as more information becomes available. 

As you would expect, we are also working with the relevant authorities, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency and other regulatory bodies. 

We know this will cause concern to members of our community and we are very sorry for this.  

Our priority is to resolve this issue and provide information to those affected as soon as we are able to, and we are focusing all available resources. "

At this time no further information is available. However, recently the NCSC published the survey figures for cyber attacks and data breaches in relation to educational establishments which show an increase in the number of attacks compared to businesses:

The full report is here: Cyber Security Breaches Survey 2023

There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex

In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:

 The results are very different across the different education institutions, and diverge from the experience of businesses.

  • Further and higher education institutions are more likely to have experienced a wider range of different types of breaches and attacks than the typical school or business. A higher proportion of these institutions identify impersonation, viruses or other malware, denial of service attacks, and breaches or attacks that fall into another category.

  • Higher education institutions specifically are more likely than colleges to experience at least one breach or attack involving impersonation, viruses or malware, unauthorised access by staff, and the “other” category.

  • Secondary schools are more likely than primary schools to identify instances of online impersonation, unauthorised access by students, and unauthorised access by staff

Our full article on this can be found here: 

Update 26th June 2023:

An article has been published by Computing giving more details about the incident which includes:

Criminals have emailed students and staff at the university, threatening to leak data unless ransom demands are met.

The move appears to be aimed at getting the university's faculty and students to apply pressure to leadership, after attackers stole what they claim is 7 TB of personal data from university systems earlier this month.

"We would like to inform all students, lecturers, administration, and staff that we have successfully hacked network on June 6 2023," the group wrote in the email, seen by Bleeping Computer.

"We have stolen 7 TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more."

The email issues a "last warning," saying the attackers will sell the stolen data on the black market if the university fails to meet their demands.

The full article can be read: Computing: Hackers threaten University of Manchester staff and students.

What to do in the event of a cyber attack?

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD