The University of Manchester has fallen victim to a cyberattack, with data from its systems likely to have been stolen by as yet unidentified attackers.
The university said it is working with the National Cyber Security Centre and the National Crime Agency to discover the extent of the attack, which is thought to have taken place on Wednesday. In an update posted today, it said information “has been copied” from its systems by the criminals.
The University of Manchester has more than 40,000 students. It is the eighth-best university in the UK, according to the annual ranking produced by Times Higher Education.
University of Manchester cyberattack: MOVEit Transfer fears quelled
The update from Patrick Hackett, the university’s chief operating officer, said: “It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house experts and external support are working around the clock to resolve this incident, and to understand what data have been accessed.
“We are working to understand what data have been accessed and will update as more information becomes available.”
The statement goes on to warn students to be vigilant of any suspicious phishing emails. Hackett added that the university knows the incident “will cause concern to members of our community and we are very sorry for this”. He urged students to “please carry on a usual”.
The university has also confirmed that it does not believe the attack is due to the MOVEit Transfer flaw, a vulnerability in popular file transfer software which has been widely exploited in recent times. Payroll software company Zellis saw its systems accessed by hackers as a result of the flaw, and data from its customers, including British Airways and the BBC, was stolen.
Tech Monitor has contacted the University of Manchester for comment but has not received an answer at the time of writing.
UK universities in the sights of hackers
UK universities have been consistently targeted by cybercriminals. The University of Sunderland was attacked in October of 2021 which saw its online classes cancelled and staff emails disrupted.
Just months before that a software supply chain attack hit 19 universities globally, affecting 11 institutions within the UK. BlackBaud, the world’s largest provider of education administration, fundraising, and financial management software, was the source of the supply chain attack.
According to the Department for Science, Innovation and Technology’s most recent cyber breaches survey, 85% of universities that took part identified attacks or breaches within the past 12 months.
Higher education institutions were more likely to be targeted than any other form of educational institutions, the report adds.