Lancaster University data breach – July 2019

Lancaster University has announced that it was recently the subject of a ‘sophisticated and malicious’ cyber-attack, compromising a ‘small number of current students’ and potentially 12,500 applicants for the next two academic years, according to The Register.

The hackers, who have yet to be identified by the University or the authorities, accessed two separate banks of data and have used the information to send out fake invoices to thousands of would-be students from the UK, EU and beyond. The largest breach was of student application data records for 2019 and 2020 entry.

This information included:

  • name
  • address
  • telephone number
  • email address

Numbers from UCAS suggest that as many as 12,500 people apply for a course at Lancaster University each year, those who have applied during clearing are not expected to have been affected by the breach.

Students and those who have applied to the university this year have reported receiving fake invoices from cyber criminals, unfortunately this is likely to only be the start for those affected. Many criminals share and sell data stolen from attacks like these all over the world, meaning that this personal data could be in the hands of countless criminals’ hands already.

The incident is currently under investigation by the police and has been reported to the Information Commissioner’s Office, which as confirmed that it is in the process of assessing the situation. The university has said that they are focusing on safeguarding their IT systems and ‘identifying and advising students and applicants who have been affected.’

If you’ve received a notification from Lancaster University, or have applied for a place at the university in 2018 of 2019, then your information could have been compromised. Get in touch with us to find out if you could be due compensation for the loss of your personal data.