The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University’s network.
The University is a public research institute and one of the UK’s largest and most successful education and research hubs, with over 10,000 staff and 45,000 students.
In a statement published on its website, the University of Manchester says they discovered the breach on Tuesday, June 6th, and immediately launched an investigation.
“Regrettably, I have to share with you the news that the University is the victim of a cyber incident,” reads the statement on the University’s website.
“It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied.”
The announcement further informs that in-house experts and external support are working non-stop to remediate the situation, determine exactly which systems have been accessed, and work toward a timely system restoration.
The University says they informed all relevant authorities, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), and the National Crime Agency, about the security and data breach.
“We know this will cause concern to members of our community and we are very sorry for this. Our priority is to resolve this issue and provide information to those affected as soon as we are able to, and we are focusing all available resources,” apologized The University of Manchester.
The University has set up a separate FAQ page for the “cyber incident,” primarily devoted to hosting security guidance for students and staff members.
Currently, the University’s members aren’t required to reset their passwords, but high vigilance against potential phishing attacks is advised.
On the topics of who is responsible for the attack and whether any sensitive research or personal data has been stolen, the University was limited to saying that the investigation is still ongoing and will inform the public as soon as more information becomes available.
Furthermore, the University of Manchester says its security incident is unrelated to the recent MOVEit Transfer data theft attacks or the associated data breach at Zellis.
While the University’s statements do not provide any further details on the attack, BleepingComputer has learned from sources that it was ransomware.
However, we have not been able to confirm this independently, and the University’s spokesperson has declined to comment on the topic when asked by BleepingComputer.