Police arrest man after Lancaster University hacking attack

Police arrest man after Lancaster University cyber attack

Police have arrested a 25-year-old man from Bradford in connection with a data breach at Lancaster University.

Earlier this week, Lancaster University admitted that it had fallen victim to what it described as a “sophisticated and malicious phishing attack” which resulted in “breaches of student and applicant data.”

According to the UK-based university, records related to undergraduate applications for 2019 and 2020 were accessed by an unauthorised party – which included sensitive information such as names and addresses, telephone numbers, and email addresses. Seemingly as a result of this breach, some undergraduate applicants received fake invoices requesting money.

Sign up to our free newsletter.
Security news, advice, and tips.

In addition Lancaster University reported that its student records system was compromised and that “a very small number of students” had their ID documents accessed.

From the sound of things, the current theory is that someone successfully managed to phish login credentials from Lancaster University staff and were then able to use their passwords to access internal databases containing information about students and applicants.

One has to wonder whether there were additional authentication measures in place (such as 2FA or limiting access to specific IP ranges) to reduce the chances of an intruder successfully breaching the network.

The latest development in the case was announced by the National Crime Agency (NCA) on Twitter:

A 25-year old man has been arrested on suspicion of committing Computer Misuse Act (CMA) and fraud offences, following the recent cyber incident affecting Lancaster University. Officers from the NCA’s National Cyber Crime Unit (NCCU) arrested the man on Monday (22 July) and he has since been released under investigation while enquiries are ongoing.

It certainly sounds as if it hasn’t taken the police long at all to find a potential suspect in this case. A+.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.