The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alums and current students.
“Based on our investigations we believe that a small proportion of data has been copied that relates to some students, and some alumni. We have written directly to those individuals who may have been affected by this,” the university said.
“We understand that this will create concern for some, but we would like to assure our community that our internal and external experts are working around the clock to continue to address this and our investigations are continuing.”
According to an update to the cyberattack information page, the attackers accessed the following types of sensitive data:
- Names and contact details (address, telephone numbers, and email address)
- University ID numbers
- Dates of birth and gender
- Nationality, domicile, and ethnicity
- UCAS number and fee status
- UCAS disability code (where relevant)
- For some students, the documents also included a summary of key communications or other records relating to their university accommodation.
Some former students also had their names, contact details, University ID numbers, gender, dates of birth, and basic program information.
“We have not identified any unauthorized access to a bank account or card payment details – we do not store such information on the above systems,” the university said.
“We are asking all staff and students to remain vigilant of any suspicious emails, including those that appear to come from those responsible for this incident. Do not engage with or reply to these emails in any way.”
The university said it’s collaborating with relevant authorities to investigate the incident, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies.
