College of Manchester confirms information theft in current cyberattack


University of Manchester

Picture: Ax Sharma

The College of Manchester lastly confirmed that attackers behind a cyberattack disclosed in early June had stolen information belonging to alums and present college students.

The college first disclosed the assault on June 9, warning that information was doubtless stolen however stated the incident was unrelated to the MOVEit Switch information theft assaults.

On Tuesday, BleepingComputer first reported that the hackers behind the assault have been emailing college students claiming to have stolen 7 TB of confidential information belonging to college students and workers.

“We wish to inform all college students, lecturers, administration, and workers that we have now efficiently hacked manchester.ac.uk community on June 6 2023,” the menace actors stated within the e-mail.

“We’ve got stolen 7TB of information, together with confidential private info from college students and workers, analysis information, medical information, police studies, drug check outcomes, databases, HR paperwork, finance paperwork, and extra. and extra.”

BleepingComputer contacted the College of Manchester concerning these emails however has but to obtain a response.

Hacker's email to University of Manchester students
Hackers’ e-mail to the College of Manchester college students (BleepingComputer)

​Nonetheless, the College of Manchester has now confirmed that information was certainly stolen within the incident from a system used to assist handle college students’ college lodging. 

“Based mostly on our investigations we imagine {that a} small proportion of information has been copied that pertains to some college students, and a few alumni. We’ve got written on to these people who could have been affected by this,” the college stated.

“We perceive that it will create concern for some, however we wish to guarantee our group that our inside and exterior consultants are working across the clock to proceed to handle this and our investigations are persevering with.”

In keeping with an replace to the cyberattack info web page, the attackers accessed the next kinds of delicate information:

  • Names and make contact with particulars (tackle, phone numbers, and e-mail tackle)
  • College ID numbers
  • Dates of beginning and gender
  • Nationality, domicile, and ethnicity
  • UCAS quantity and payment standing
  • UCAS incapacity code (the place related)
  • For some college students, the paperwork additionally included a abstract of key communications or different data regarding their college lodging.

Some former college students additionally had their names, contact particulars, College ID numbers, gender, dates of beginning, and primary program info.

“We’ve got not recognized any unauthorised entry to checking account or card cost particulars – we don’t retailer such info on the above methods,” the college stated.

“We’re asking all workers and college students to stay vigilant of any suspicious emails, together with people who seem to return from these accountable for this incident. Don’t have interaction with or reply to those emails in any means.”

The college stated it is collaborating with related authorities to analyze the incident, together with the Info Commissioner’s Workplace, the Nationwide Cyber Safety Centre (NCSC), the Nationwide Crime Company, and different regulatory our bodies.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles