A picture of the words "University of Manchester" displayed on their University building.

What Has Happened?

On June 9th, the University of Manchester announced that it had become the victim of a cyberattack. It has been confirmed that many of the University’s critical systems have been accessed by a malicious actor, and this has resulted in a portion of student and alumni data being stolen. Those identified who may have been affected by this incident have been contacted through University channels.

Several critical University systems were forced to be taken offline for the investigation, and a mandatory password change for all staff and student passwords has also been enforced to prevent any further compromise of accounts or systems.

Many students and staff members of the University have received emails from the perpetrator threatening to publish their data on the dark web if the University does not meet the ransom demand.

Information Stolen

The systems accessed have been identified as the University’s student accommodation system and its alumni system. These two systems hold Personally Identifiable Information (PII), which can be used to personally identify an individual and can lead to identity theft.

Some of the stolen data includes:

  • Name and contact details (address, contact number, and email address).
  • Name and contact details for their next of kin.
  • University ID number.
  • Date of birth.
  • Gender.
  • Nationality, domicile, and ethnicity.

The Wider Implications

This incident follows a pattern of cyberattacks on higher education institutions, with the Vice Society group carrying out attacks against a variety of schools and universities in the US and UK in the past year. Universities present an attractive target for threat actors due to the high volume of both personal and confidential research data, as well as a more open approach to digital access to enable academic collaboration.

Sources:

Manchester Cyber Incident

BBC News