After reporting the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office, UKRI stated that at this point it cannot confirm whether or not any data was extracted from its systems, as investigation is underway.
The cyber attack’s impact was seen on two of its services – a portal of the UK Research Office (UKRO) based in Brussels and an extranet (called the BBSRC extranet) used by the UK’s Councils.
The UKRO portal offers subscribers information service, while the extranet supports the peer review process of different parts of UKRI.
No other UKRI systems have been affected and UKRI’s important tasks continue, the non-departmental public body said.
In an effort to support the ongoing investigation and also to protect users, UKRI has suspended its services.
The body also said that its councils and several cross-cutting schemes use the impacted extranet for some of their peer review activity. This could result in some of their data being compromised, including review information and grant applications. However, it is presently unclear whether or not the data has been stolen.
In a statement UKRI said: “We are working to restore all affected services as soon as possible and provide alternative support to minimise any disruption to the peer review process and users of the UKRO portal. We will provide further updates in due course.”
The UKRO service is used by 13,000 subscribers, but it does not contain any sensitive personal data.