Cyber Incident Victim: Lancaster University
Date: Jul 2019
Location: United Kingdom
Summary
Lancaster University experienced a sophisticated phishing attack compromising student and applicant data, including names, addresses, contact details, and identity documents. The breach impacted undergraduate applicants across two admission cycles and a limited number of enrolled students, with fraudulent invoices sent to prospective students. The institution detected the incident and established a response team to secure systems, notify affected individuals, and collaborate with law enforcement agencies. No operational disruptions beyond data access occurred, and investigations remained ongoing at the time of reporting.
Description
Lancaster University experienced a sophisticated phishing attack discovered on July 19, 2019, though the institution indicated awareness began the prior Friday (likely July 15). The malicious campaign compromised student and applicant data systems, specifically targeting undergraduate admissions records for 2019 and 2020 cohorts. Attackers exfiltrated personally identifiable information including names, physical addresses, telephone numbers, and email addresses from applicant databases. This stolen data facilitated fraudulent activities, with perpetrators sending counterfeit invoices to prospective students in attempts to extract payments. Additionally, the attackers breached the university's student records system, gaining access to academic records and identification documents belonging to a limited number of enrolled students. University officials characterized the incident as a deliberate, well-organized cyber intrusion rather than opportunistic hacking.

The university activated an incident response team immediately upon confirming the breach, prioritizing system security assessments and victim notifications. Technical remediation efforts focused on isolating compromised systems and preventing further unauthorized access. Administrators coordinated with law enforcement agencies, filing formal reports to initiate criminal investigations into the data theft and phishing operations. Outreach to affected individuals commenced systematically, with priority given to applicants who received fraudulent invoices and students whose sensitive identity documents were accessed. The institution maintained public communication through official spokespersons, acknowledging ongoing response efforts while withholding technical specifics to preserve investigative integrity. No ransomware deployment or system encryption was reported, distinguishing this incident from contemporaneous attacks targeting educational institutions. Impact assessments confirmed data exposure limited to applicant pools and a subset of current students, with no evidence of broader institutional system compromise beyond the targeted databases.
