Another educational institution has fallen to a phishing attack. The University of Lancaster announced that malicious actors have attacked their servers, exposing the data of thousands of their students.
In a press release, Lancaster University said that “has been subject to a sophisticated and malicious phishing attack” which not only resulted in exposing their students’ data but compromising the information of their applicants as well.
Sensitive information of students like names, addresses, phone numbers, and email addresses, has been exposed after a threat actor has gained unauthorized access to the university’s undergraduate student applicant data records for 2019 and 2020.
Furthermore, the university also said that these compromised data has already been used to carry out further cyber-attacks against persons in the database. They said that they are already aware that fraudulent invoices have been sent to their applicants and are warning each affected individual to be careful.
“We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches,” the press release said.
Another breach also occurred after the hackers have also gained access to the university’s student record database exposing their student’s data as well. As of writing, the Lancaster University said that they are only aware of a few students who have been affected by the breach. Those students have had their student record and ID documents accessed.
The university has already notified affected students and has warned them to keep being vigilant of any fraudulent activities that may target them.
It was confirmed last Friday that the university was the source of the breach and they said that have already contacted authorities under existing regulations in handling data breaches.
They also established a group of individuals as part of an incident response team to investigate the matter and to contain the breach. They also established a hotline and email address to help applicants and students in case they fall victim to more attacks from the threat actors.
“Since Friday, we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing, as is the investigation by law enforcement agencies.”
Z6Mag attempted to reach out to the press office of the university, but a spokesperson declined to comment regarding the matter.
“Because this is a live investigation we will not be making any further comment at this stage,” they said.
Data breaches targeted educational institutions
In the past few weeks, educational institutions and service providers seem to be targeted by different threat actors. As reported by Z6Mag three days ago, educational institutions and services have been part of two separate data breaches in the past month.
The US Education Department confirmed this week that at least 62 colleges had been affected by a data breach after hackers exploited a vulnerability in an enterprise resource planning (ERP) web app.
The ERP web app is called Ellucian Banner Web Tailor, which allows colleges to customize and design their home pages, has been breached with reports saying that the data derived from the said leak by a hacker who made fake profiles were used “almost immediately for criminal activity.”
According to the announcement made by the US Education Department, hackers have already started exploiting the said vulnerability. “The Department has identified 62 colleges or universities that have been affected by the exploitation of this vulnerability,” officials said.
“We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation.”
Another data breach has also affected K12.com, an online platform for education professionals after Comparitech security researcher Bob Diachenko uncovered and unprotected MongoDB that has exposed 6,988,504 records containing students’ data which includes primary personal email address, full name, gender, age, birthdate, school name, authentication keys for accessing ALS accounts and presentations, among other internal data.
“K12 takes data security very seriously. Whenever we are advised of a potential security issue, we investigate the problem immediately and take the appropriate actions to remedy the situation,” said the company in response to the data breach.