Man Arrested over Lancaster University Cyber Attack

A hacker stole information from Lancaster University affecting people applying to study there this year and next.

A man has been arrested on suspicion of computer crimes and fraud offences by police investigating the theft of student data from Lancaster University.

The 25-year-old, who has not been named, has been released under investigation while the National Crime Agency continues to work with the university to find out what happened.

The arrest took place on Monday, according to the NCA’s cyber crime unit.

According to Lancaster University a hacker or hackers accessed the records for undergraduate student applications to enter the university in 2019 and 2020.

The information is considered highly sensitive and includes names, addresses, telephone numbers and email addresses.

“We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches,” the university said.

Another breach was also identified affecting the university’s student records system.

“At the present time we know of a very small number of students who have had their record and ID documents accessed. We are contacting those students to advise them what to do,” the university said.

“We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation.

“It was immediately reported to the Information Commissioner’s Office.”

There is a legal requirement for businesses which lose people’s data to inform the ICO within 72 hours or face substantial fines.

Organisations are also required to hold on to this data securely and if it is not found to be secure then they could similarly face a large fine.

In 2016 telecommunications company TalkTalk was given a record £400,000 fine by the ICO for failing to properly secure its customers’ data.

At the time, the ICO stated TalkTalk could have prevented the data breach the previous October if the firm had taken basic steps to protect customers’ information.

Lancaster University added: “Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected.

“This work of our incident team is ongoing as is the investigation by law enforcement agencies.”




About The Author

Related posts