Earlier this week, Lancaster University admitted that it had fallen victim to what it described as a “sophisticated and malicious phishing attack” which resulted in “breaches of student and applicant data.”
According to the UK-based university, records related to undergraduate applications for 2019 and 2020 were accessed by an unauthorised party – which included sensitive information such as names and addresses, telephone numbers, and email addresses. Seemingly as a result of this breach, some undergraduate applicants received fake invoices requesting money.
In addition Lancaster University reported that its student records system was compromised and that “a very small number of students” had their ID documents accessed.
From the sound of things, the current theory is that someone successfully managed to phish login credentials from Lancaster University staff and were then able to use their passwords to access internal databases containing information about students and applicants.
One has to wonder whether there were additional authentication measures in place (such as 2FA or limiting access to specific IP ranges) to reduce the chances of an intruder successfully breaching the network.
The latest development in the case was announced by the National Crime Agency (NCA) on Twitter:
A 25-year old man has been arrested on suspicion of committing Computer Misuse Act (CMA) and fraud offences, following the recent cyber incident affecting Lancaster University. Officers from the NCA’s National Cyber Crime Unit (NCCU) arrested the man on Monday (22 July) and he has since been released under investigation while enquiries are ongoing.
It certainly sounds as if it hasn’t taken the police long at all to find a potential suspect in this case. A+.