Lancaster Uni data breach hits at least 12,500 wannabe students

Lancaster University - which offers a GCHQ-accredited degree in security - has been struck by a "sophisticated and malicious phishing attack" that resulted in the leak of around 12,500 wannabe students' personal data. In a statement published yesterday evening, the university admitted that undergraduate applicant records for …

  1. This post has been deleted by its author

    1. julian_n

      Doesn't GDPR mandate 72 hours for disclosure now?

      1. mark 120

        72 hours

        72 hours to the regulator. The victims only to be notified if the breach results in 'a high risk to the rights and freedoms of individuals', with the risk level self-defined or when the ICO tells you to notify them.

  2. Pen-y-gors

    Nice one!

    Of course, usually the IT department have nothing to do with the admin IT systems, which is presumably where the breach was - as it should be.

    But perhaps if they'd spent a bit more on their admin IT security and a bit less on naff architects they may not have had the problem!

  3. caffeine addict

    There's no such thing as a "sophisticated and malicious phishing attack" - just lazy, stupid, or uneducated phishing attack victims.

    1. Phil W

      Of course there is. Speaking from experience, there are a wide variety of qualities of phishing attacks, ranging from random Middle Eastern email addresses you've never heard of, sending poorly worded emails with links to poorly constructed pages asking for credentials in broken English, to attackers deliberately compromising known partner organisations of their real target and then using their real email accounts to email the target institution with very well constructed emails with fairly genuine looking links to extremely well constructed pages including the organisation's logo etc.

      Not to say some common sense and training wouldn't also help defeat the well crafted attacks, but there is most definitely a varying sophistication of attacks.

  4. Anonymous Coward

    I expect there will be a litany of unpatched and obsolete systems involved.

    1. Halfmad

      They were too busy FOIing the NHS about the use of XP.

      1. EnviableOne

        I think you'll find the NHS is now a lot further into w10 migration than most businesses and XP machines are now very few and far between.

        Since NHS Digital stumped up the cash for E5 licences and they were conditional on migration by January

  5. lglethal Silver badge
    WTF?

    umm what?

    Just curious what's with the shoe horning in of data about how many foreign students there are at Lancaster Uni? Doesn't really seem relevant where people come from if their data's been stolen.

    Unless there's some sort of subtle "Look dirty foreigners taking all the uni places" undercurrent here, which I do not expect at El Reg...

    1. AMBxx Silver badge

      Re: umm what?

      More a case of 'where are all the foreigners'? I do a lot of work with University data. You'd normally expect closer to 40% non-UK. Lower for the 'old' universities. Much higher for the ex-polys.

    2. tiggity Silver badge

      Re: umm what?

      Foreign students often bring in more cash than UK ones, so popular with many unis (especially non EU students).

      Could be relevant to how attacks were done as typically different pathways for applications from UK /other EU / non UK / EU.

      So "nationality" of students data in breach could give hints to attack vector (assuming different pathways based on above mentioned "nationality").

    3. Anonymous Coward

      Re: umm what?

      Foreign (as in non-EU) students are perhaps more likely not to question the veracity of an "invoice" from "the university", as they will be paying tuition fees already, and so may be more at risk of being taken in and paying money to the scammers. In some cases, their English language skills may also not be as good, also increasing the risk to them. S/E/W/NI/other-EU students might perhaps be more likely to spot that the fraudulent emails are scams?

      I am sure no racism was intended: it is the fact that universities tend to be very international places that is part of their dynamism and being melting pots of ideas and experiences (sadly, mine wasn't so much, and I didn't have the awareness or knowledge to perhaps have made a better choice at that time).

    4. Anonymous Coward

      Re: umm what?

      Foreign students were targeted with demands for money (to secure their place I assume) using the purloined data.

      Several 'university-of-[city].co.uk' domains were set up by the folks responsible.

  6. hmv

    Clearing

    A rather 1980s attitude towards clearing there - it's not unknown for students who have exceeded expectations to go through clearing, and it's no longer just undersubscribed courses that offer places through clearing either.

    1. DavidPalmer44

      Re: Clearing

      Agreed!

  7. Ken Moorhouse Silver badge

    The perpetrator...

    ...has now completed their cyber security thesis and is projected to receive a first.

  8. Anonymous Coward

    Uplink

    Why am I reminded of hacking the Global Academic Database in Uplink to bulk create or remove qualifications for cash? Time to reinstall and do it all again.

  9. Anonymous Coward

    Hmm, I have a relative of a relative who works there, I believe teaching computer security stuff. His leg will be getting pulled a bit when I next see him!

    Yeah, I know - there's a big gulf between the people running the admin systems and the people teaching the courses - but still good for a good leg pulling :-)

    1. Anonymous Coward

      Why - are you just that mean or do you not like him?

  10. IGotOut Silver badge

    if you are affected...

    Please email your name, course name, home address, mother's maiden name, credit card details, including the last three numbers on the back to

    lanchesteruniversity.co

    Thanks.

  11. Andytug

    And in other totally unconnected news

    Sky forced a large number of its (Yahoo) email users to reset their passwords yesterday afternoon......

  12. Anonymous Coward

    Wrong picture

    The building you've shown a picture of has very little to do with this story. The actual IT services provided to the campus are managed from a building which ironically is exactly across from the one in the picture. The courses and Computing department have nothing to do with how they run and manage their own IT services, and this is the same at pretty much all other universities as far as I know.

  13. Anonymous Coward

    A few years ago the Uni I work in had some of its virtual servers hacked by some of its own computer science students. Whether this was an initiative test, a wager or a drunken stunt was never revealed.

  14. Paul Johnston

    Banner?

    Does anyone know if they use Banner?

    https://www.theregister.co.uk/2019/07/21/security_roundup_190719/

  15. Anonymous Coward

    Back in the day...

    I used to work there, one of the system admins had connected netcat to cmd.exe on one of the secure AD schema administration workstations, and left the port unfirewalled and open to the world.

    It got "hacked". All of the servers got hacked. Nobody knew if data had been pinched.

    They had to rebuild the entire network from scratch, without using backups, as they couldn't determine how long the attacker had access for - it took ages.
