Student Information at Risk
Students who were directly and seriously affected were contacted on Sunday 21st July, to be made aware that their information and student record data had been breached. With details on what to do next, how this happened and sincere apologies from the University.
One student affected, Erin Wilson gave a comment for SCAN, stating that “it’s quite distressing because my information is out there, but it’s also quite a weird occurrence”. Erin acknowledged and commented that this incident has only affected a small number of students, but also told us that “although the situation is being managed however the University sees fit, it’s still worrying”.
The University sent a student wide email out, announcing that this breach has occurred, and that student information has been obtained. They state that they are “aware of two data breaches” one of which affects current students. It appears that both current and prospective students have been affected by this data breach.
The two breaches include current student identification data and 2019 and 2020 undergraduate applicant data.
The University Press Office has given a comment to the SCAN team, stating that “Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.”
Further to this, they have stated “We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation. It was immediately reported to the Information Commissioner’s Office. Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.”
The University has asked SCAN to make readers aware that they should contact the University on firstname.lastname@example.org or 01524 510044 should they need advice, have any queries, or feel that they may have been affected by this attack.
The University holds all student information on the University’s student records system, which includes “scanned copies” of identification documents. They became aware
Despite the University
What is the University doing?
As soon as the University became aware of the breach, they put a team of investigators and are currently liaising with law enforcement agencies to investigate the data breach. How exactly the data became accessible is still being investigated. The University is now taking steps to “further enhance security”.
This is an ongoing story.
On Monday 22nd July a 25-year old man, from Bradford, was arrested on suspicion of committing Computer Misuse Act and fraudulent offences. However, he has since been released under investigation while enquiries continue.