Man arrested over UK’s Lancaster University data breach hack allegations

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

Cops have cuffed a 25-year-old man from Bradford on suspicion of committing Computer Misuse Act crimes after Lancaster University suffered a data breach affecting more than 12,000 students and applicants.

In a statement the National Crime Agency said: “Officers from the NCA’s National Cyber Crime Unit arrested the man on Monday (22 July) and he has since been released under investigation while enquiries are ongoing.”

As we reported yesterday, Lancaster University admitted that a phishing attack had resulted in person or persons unknown accessing the personal data of people applying for undergraduate degree courses starting this year and in 2020.

Reg’s sources: Students paid fraudulent invoices

Names, addresses, email addresses and phone numbers were among the categories of data visible to the hackers. Fraudulent invoices were sent to some, the university admitted. With overseas applicants (of which Lancaster had 575 last year from non-EU countries and 375 from other EU countries) paying fees measured in the tens of thousands of pounds per year, the potential for high returns is great.

Our sources added that around half a dozen students had paid these fraudulent invoices. The highest undergraduate fees for overseas (non-EU) students is Lancaster’s Bachelor of Medicine, Bachelor of Surgery (MBChB) course at £31,540.

Sources with knowledge of the situation told The Register that the breach could potentially have affected 20,000 people all told. El Reg‘s own estimate of UK applicants affected by the breach stands at 12,500 people based on public UCAS data, as we set out yesterday.

We are further informed that the attackers’ route in was through the compromise of a staff account with administrator credentials, handing the attackers a golden ticket with which to rampage through the university’s systems.

Lancaster University declined to comment.

Back in April JISC, the artists formerly known as the UK academic Joint Information Systems Committee, warned that they had a 100 per cent success rate when researchers phished universities as part of a red-teaming exercise. Evidently someone wasn’t listening.

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India

The post Man arrested over UK’s Lancaster University data breach hack allegations appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.



from Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity https://ift.tt/2Mi9Ugq