How a Ransomware Attack on the University of Manchester Threatens Student Data

A recent cyberattack on the University of Manchester has put the personal data of thousands of students at risk. The hackers behind the attack have started to email students, warning them that their data will soon be leaked online if the university does not pay a ransom.

Read: Chilean Army Hit by Rhysida Ransomware, Documents Exposed

What happened?

On June 9, 2023, the University of Manchester announced that it had suffered a cyber incident in which some of its systems had been accessed by an unauthorized party, and data had likely been copied. The university did not disclose the nature or extent of the breach, but said it was working with relevant authorities and experts to resolve the issue.

The next day, BleepingComputer reported that the ransomware operation behind the attack was LockBit 2.0, a notorious group that encrypts victims’ files and threatens to publish them on a leak site if they do not pay a ransom. According to the report, LockBit 2.0 had already posted some screenshots of the university’s files on its leak site, including financial documents and student records.

The hackers also claimed to have sent emails to students, warning them that their data would be leaked in 10 days if the university did not pay up. The emails contained a link to the leak site and a sample of the stolen data, such as names, email addresses, phone numbers, and dates of birth.

What are the implications?

The cyberattack on the University of Manchester is a serious breach of data protection and privacy that could have severe consequences for the affected students. The stolen data could be used for identity theft, fraud, phishing, blackmail, or other malicious purposes. The students could also face emotional distress, reputational damage, or legal liability if their data is exposed or misused.

The university could also face regulatory fines, legal action, or reputational harm for failing to protect its systems and data from unauthorized access. The UK’s Information Commissioner’s Office (ICO) has the power to impose penalties of up to 4% of annual global turnover or £17.5 million, whichever is higher, for breaches of the General Data Protection Regulation (GDPR). The university could also face lawsuits from students or other stakeholders who may seek compensation for damages caused by the breach.

How can this be prevented?

The cyberattack on the University of Manchester highlights the need for robust cybersecurity measures and awareness in the education sector. Universities and colleges store large amounts of sensitive data on their students, staff, and research projects, making them attractive targets for hackers. They also face challenges such as limited budgets, complex IT infrastructures, and diverse user groups.

To prevent or mitigate such attacks, universities and colleges should adopt best practices such as:

– Conducting regular risk assessments and audits of their IT systems and data

– Implementing strong encryption, backup, and recovery solutions

– Updating and patching their software and hardware regularly

– Educating their users on how to spot and avoid phishing emails and other cyber threats

– Having an incident response plan and team in place

– Reporting any breaches or suspicious activities to relevant authorities and stakeholders

Cybersecurity is not only a technical issue but also a human one. Everyone has a role to play in protecting their own data and that of others. By being vigilant and responsible online, we can all help prevent cyberattacks and safeguard our digital assets.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.

University of Manchester

Photo by Joe Cleary on Unsplash.

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Table of Contents

Share this Article
Related Articles