Newcastle University

Newcastle University is a higher education institution situated in the United Kingdom. It delivers undergraduate and postgraduate teaching across a variety of academic disciplines and undertakes research activities that contribute to knowledge creation. The university serves both domestic and international students, offering degree programmes, continuing education opportunities and engagement with industry and other academic partners. It operates within the UK’s higher education system and provides services that support learning, scholarship and innovation.

The institution has been the subject of several publicly reported cyber security incidents. In September 2020 a ransomware attack affecting the cloud provider Blackbaud led to the theft of personal data such as names, dates of birth, addresses, phone numbers and email addresses of individuals associated with the university. Earlier in September 2020 the DoppelPaymer ransomware group targeted the university, disrupting IT systems, stealing a backup file and threatening to release further data unless a ransom was paid. In July 2017 the university warned prospective students about a fraudulent website that mimicked its official domain to harvest sensitive information including credit card details, passport numbers and birthdates. These episodes prompted the university to notify affected parties, advise on security precautions and issue alerts about fraudulent sites to protect applicants, particularly those from overseas.

The university’s response to these events highlights its focus on data protection and communication with stakeholders. Following the Blackbaud incident the institution confirmed that it had notified impacted individuals and stated that only routine security precautions were deemed necessary after its investigation. After the DoppelPaymer attack the university acknowledged the disruption and the theft of a backup file while noting that initial leaked files did not contain sensitive staff or student information. Regarding the phishing site, the university explicitly declared no affiliation with the fraudulent platform and directed users to its legitimate website, reinforcing its commitment to safeguarding the personal information of applicants and students. These actions illustrate the university’s approach to managing cyber security risks and maintaining trust within its community.