Cyber Incident Victim: University of Central Lancashire

On March 7, 2021, the University of Central Lancashire (UCLAN) in Preston experienced a cyber-attack that disrupted remote-learning systems, preventing students from submitting assignments. The university activated its full incident response plan immediately following the detection of the incident, working to assess the scope of the compromise and stabilize affected infrastructure. As a precautionary measure, UCLAN suspended access to multiple systems, resulting in temporary downtime for staff and students. University representatives confirmed the attack was contained and rectified within hours of its discovery, with no data loss occurring during the incident. Core teaching and learning systems were restored to near-full functionality by Sunday evening, ensuring academic activities could proceed as scheduled on Monday. Lancashire Police were notified of the breach, though no operational details of their involvement were disclosed.

The UCLAN incident occurred amid a series of attacks targeting UK higher education institutions within the same week. Queen’s University Belfast had suspended system access on Friday, March 5, following a similar cybersecurity incident, while the University of the Highlands and Islands in Scotland reported attacks targeting its online platforms on Monday, March 8. The National Cyber Security Centre (NCSC), a division of GCHQ, initiated investigations into all three incidents but did not confirm whether the attacks were coordinated or attributable to the same threat actor. The NCSC noted it had previously issued specialized guidance to universities in 2019 highlighting cybersecurity risks to the education sector. UCLAN’s restoration of critical systems within 24 hours minimized academic disruption, though the precautionary system suspensions caused short-term operational delays across affected institutions.