Weeks after being hit by a ransomware attack, the University of Manchester confirms the data breach now – with senstive data of current and former students leaked in wild.

This comes after the threat actor started emailing the victims students and staff earlier this week, possibly forcing the university to pay its ransom. While the university is investigating, it claims to have informed the victims already, and warns people not to interact with any suspicious emails.

Intimating and Investigating the Data Breach

The University of Manchester on June 6th suffered a data breach incident, where an unknown threat actor (possibly a ransomware) has reportedly stolen senstive data of the organisation. Confirming this data breach incident on June 9th, the University said it’s not linked to the recent MOVEit Transfer attacks.

Well, another notification released today revealed more details of the incident – where the university said the following data of its alumnus and current students were leaked;

  • Names and contact details (address, telephone numbers, and email address)
  • University ID numbers
  • Dates of birth and gender
  • Nationality, domicile, and ethnicity
  • UCAS number and fee status
  • UCAS disability code (where relevant)
  • For some students, the documents also included a summary of key communications or other records relating to their university accommodation.

This comes after the threat actors behind this attack started emailing the victims (staff and students of the university), reminding them about the leak. Their communication noted claims of stealing 7TB of confidential data belonging to the university’s stakeholders. This includes the PII of students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more. and more.

The University claims to have informed the affected individuals directly, and warns the students to remain vigilant of any suspicious emails incoming. Further, if asks them not to respond to any such communication, while it’s Investigating the incident with relevant authorities – including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies.