A 25-year old man from Bradford has been arrested on suspicion of committing Computer Misuse ACT and fraud offences after students’ personal data was stolen in a sophisticated and malicious cyber attack on Lancaster University.
College officials have admitted that the information has already been used to send bogus invoices to this year’s applicants.
Lancaster has reported the incidents to the Information Commissioner’s Office and law enforcement agencies..
In a press release the university said it is aware of two breaches of data:
*Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as name, address, telephone number and email address. The university said it was aware that fraudulent invoices are being sent to some undergraduate applicants. It alerted applicants to be aware of any suspicious approached.
*A breach has also occurred of the university’s student record system and a small number of students have had their record and ID documents assessed.
It advised applicants, students and staff to contact it if they receive any suspicious communications via email firstname.lastname@example.org.