Cyber Incident Victim: University of Liverpool
Date: Apr 2016
Location: United Kingdom
Summary
A database containing contact details of approximately 6,500 staff members was disclosed without authorization and posted on a dark web forum, where it was promoted for use in targeted phishing campaigns. The compromised information included surnames, email addresses, and business telephone numbers. The institution attributed the incident to an automated cyber-attack targeting a departmental online booking system, maintaining that the exposed data was already publicly accessible and thus did not constitute a data breach. Researchers identified the material's circulation in malicious forums, highlighting its potential exploitation for phishing operations despite the organization's characterization of the event.
Description
On or around April 5, 2016, Israeli researchers identified a database containing contact details for approximately 6,500 University of Liverpool staff members circulating on a dark web forum. The exposed records included surnames, institutional email addresses, and business telephone numbers of academic and administrative personnel. Attackers promoted the dataset as a tool for launching targeted phishing campaigns against university employees. The data originated from an automated cyber-attack targeting a departmental online booking system at the university, though the institution maintained the compromised information was already publicly accessible through conventional channels. University representatives characterized the incident as a security breach rather than a data breach, emphasizing that no confidential or restricted information had been improperly accessed.

The University of Liverpool confirmed detecting the automated attack on its booking system, which resulted in the extraction and subsequent publication of the staff directory information. While acknowledging the security incident, the institution differentiated it from conventional data breaches by noting the inherently public nature of the exposed contact details typically available on university websites and directories. No evidence suggested financial data, student records, or sensitive personal information was compromised. The primary documented consequence centered on the weaponization potential of the dataset for phishing operations, as highlighted by its distribution in cybercriminal forums. The university did not disclose specific containment measures beyond its initial detection of the automated attack and public statement clarifying the nature of the exposed data.
