A “sophisticated and malicious” phishing attack has led to Lancaster university student’s personal data being stolen.
The university announced in a statement that undergraduate student applicant data for 2019 and 2020 entry had been accessed, this included their names, address, telephone numbers and email address.
The statement wrote:
“We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.”
A second breach occurred within the university’s student records system, and as of yet only a “very small number” of student records and ID documents have been accessed. Those students are being contacted with advice on what to do.
The university have contacted the police and the Information Commissioner’s Office about the breach.
“Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.