View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
June 9, 2023updated 12 Jun 2023 12:08pm

Manchester University hit by cyberattack

Student data may have been copied in the breach. But the university says it hasn't been a victim of the damaging MOVEit Transfer vulnerability.

By Claudia Glover

The University of Manchester has fallen victim to a cyberattack, with data from its systems likely to have been stolen by as yet unidentified attackers.

Manchester University hit by cyberattack. (Photo by Jonathan Tallon/Shutterstock)

The university said it is working with the National Cyber Security Centre and the National Crime Agency to discover the extent of the attack, which is thought to have taken place on Wednesday. In an update posted today, it said information “has been copied” from its systems by the criminals.

The University of Manchester has more than 40,000 students. It is the eighth-best university in the UK, according to the annual ranking produced by Times Higher Education.

University of Manchester cyberattack: MOVEit Transfer fears quelled

The update from Patrick Hackett, the university’s chief operating officer, said: “It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house experts and external support are working around the clock to resolve this incident, and to understand what data have been accessed.

“We are working to understand what data have been accessed and will update as more information becomes available.”

The statement goes on to warn students to be vigilant of any suspicious phishing emails. Hackett added that the university knows the incident “will cause concern to members of our community and we are very sorry for this”. He urged students to “please carry on a usual”.

The university has also confirmed that it does not believe the attack is due to the MOVEit Transfer flaw, a vulnerability in popular file transfer software which has been widely exploited in recent times. Payroll software company Zellis saw its systems accessed by hackers as a result of the flaw, and data from its customers, including British Airways and the BBC, was stolen.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Tech Monitor has contacted the University of Manchester for comment but has not received an answer at the time of writing.

UK universities in the sights of hackers

UK universities have been consistently targeted by cybercriminals. The University of Sunderland was attacked in October of 2021 which saw its online classes cancelled and staff emails disrupted.

Just months before that a software supply chain attack hit 19 universities globally, affecting 11 institutions within the UK. BlackBaud, the world’s largest provider of education administration, fundraising, and financial management software, was the source of the supply chain attack.

According to the Department for Science, Innovation and Technology’s most recent cyber breaches survey, 85% of universities that took part identified attacks or breaches within the past 12 months.

Higher education institutions were more likely to be targeted than any other form of educational institutions, the report adds.

Read more: VMware and Cisco vulnerabilities lead to a flurry of patches and workarounds

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.