The University of Manchester suffered a cyber incident that likely resulted in access to data by attackers, the university confirmed in a statement issued on June 9, 2023.
“Some of our systems may have been accessed by unauthorized persons and data copied,” University of Manchester chief operations officer Patrick Hackett confirmed in a post.
The attack was discovered earlier this week on June 6th.
Hackett added that the UK university is now working with internal experts and external support to resolve incidents and understand what data was accessed.
He also confirmed that the university has been in contact with relevant authorities regarding the attack, including the UK data protection authority, the Information Commissioner’s Office (ICO), the National Cyber Security Center (NCSC) and the National Crime Agency.
Students and faculty are advised to be vigilant against potential phishing attacks while the investigation continues.
The University of Manchester said in a statement: “We know this causes concern for members of our community, and we deeply regret this. Our priority is to resolve this issue and help those affected. Our goal is to provide information as soon as possible and we are concentrating all available resources.”
Universities and other educational institutions have been targeted by ransomware attacks in recent years, with a 2022 study finding that remediation for each incident costs an average of over £2 million.
In May 2022, the 157-year-old Lincoln University in Illinois, USA, was forced to close after a ransomware attack locked the school out of critical data needed for student retention, recruitment and fundraising.
The threat actor Vice Society has been particularly active in this area recently, affecting a number of institutions across the US and Europe.
Commenting on the attack, Raghu Nandakumara, Director of Critical Infrastructure Solutions at Ilmio, praised the university’s transparency and proactive approach to notifying and engaging with authorities.
He noted that sensitive and valuable data held by universities has become a major target for malicious attackers. “If data is found to have been compromised, the potential impact can be enormous. Universities not only hold vast amounts of personal data about their students and staff, but they also conduct valuable and confidential research. “The number of different technologies and devices connected to the university network increases the attack surface,” said Nandakumara.
“Universities need to act quickly to assess the extent of the breach and identify which data sets have been copied,” said Andrew Whalley, senior technical director at Promon. Plus, once the dust settles, you’ll have a lot of damage control to do. People tend not to like their data being leaked, whether it could have been avoided or not. “
Image credit: John B Hewitt / Shutterstock.com
