Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker. A statement was made on their website by Patrick Hackett, Registrar, Secretary and Chief Operating Officer:
"Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house experts and established expert external support are working around the clock to resolve this incident. We are working to understand what data have been accessed and will update you as more information becomes available.
As you would expect, we are also working with the relevant authorities, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency and other regulatory bodies.
We know this will cause concern to members of our community and we are very sorry for this.
Our priority is to resolve this issue and provide information to those affected as soon as we are able to, and we are focusing all available resources. "
At this time no further information is available. However, recently the NCSC published the survey figures for cyber attacks and data breaches in relation to educational establishments which show an increase in the number of attacks compared to businesses:
The full report is here: Cyber Security Breaches Survey 2023
There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex
In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:
The results are very different across the different education institutions, and diverge from the experience of businesses.
-
Further and higher education institutions are more likely to have experienced a wider range of different types of breaches and attacks than the typical school or business. A higher proportion of these institutions identify impersonation, viruses or other malware, denial of service attacks, and breaches or attacks that fall into another category.
-
Higher education institutions specifically are more likely than colleges to experience at least one breach or attack involving impersonation, viruses or malware, unauthorised access by staff, and the “other” category.
-
Secondary schools are more likely than primary schools to identify instances of online impersonation, unauthorised access by students, and unauthorised access by staff
Our full article on this can be found here: {article title="Cyber Security Breaches Survey 2023"}[link][title][/link]{/article}
Update 26th June 2023:
An article has been published by Computing giving more details about the incident which includes:
Criminals have emailed students and staff at the university, threatening to leak data unless ransom demands are met.
The move appears to be aimed at getting the university's faculty and students to apply pressure to leadership, after attackers
stole what they claim is 7 TB of personal data from university systems earlier this month.
"We would like to inform all students, lecturers, administration, and staff that we have successfully hacked manchester.ac.uk network on June 6 2023," the group wrote in the email, seen by Bleeping Computer.
"We have stolen 7 TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more."
The email issues a "last warning," saying the attackers will sell the stolen data on the black market if the university fails to meet their demands.
The full article can be read: Computing: Hackers threaten University of Manchester staff and students.
What to do in the event of a Cyber Attack
Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body.
The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to:
- Action Fraud on 0300 123 2040, or the Action Fraud website
- the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it.
You may also need to report to:
You must act in accordance with:
Police investigations may find out if any compromised data has been published or sold and identify the perpetrator.
Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Little Guide to ACTION FRAUD
