Police arrest man after Lancaster University hacking attack

Graham Cluley
@gcluley

Police have arrested a 25-year-old man from Bradford in connection with a data breach at Lancaster University.

Earlier this week, Lancaster University admitted that it had fallen victim to what it described as a “sophisticated and malicious phishing attack” which resulted in “breaches of student and applicant data.”

According to the UK-based university, an unauthorised party accessed records related to undergraduate applications for 2019 and 2020, which included sensitive information such as names and addresses, telephone numbers, and email addresses. Seemingly as a result of this breach, some undergraduate applicants received fake invoices requesting money.

In addition, Lancaster University reported that its student records system was compromised and that “a very small number of students” had their ID documents accessed.

From the sound of things, the current theory is that someone successfully phished login credentials from Lancaster University staff and was then able to use those passwords to access internal databases containing information about students and applicants.

One has to wonder whether there were additional authentication measures in place (such as 2FA or limiting access to specific IP ranges) to reduce the chances of an intruder successfully breaching the network.

The latest development in the case was announced by the National Crime Agency (NCA) on Twitter:

A 25-year-old man has been arrested on suspicion of committing Computer Misuse Act (CMA) and fraud offences, following the recent cyber incident affecting Lancaster University. Officers from the NCA’s National Cyber Crime Unit (NCCU) arrested the man on Monday (22 July) and he has since been released under investigation while enquiries are ongoing.

It certainly sounds as if it hasn’t taken the police long at all to find a potential suspect in this case. A+.



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
