Data likely stolen in Manchester University attack

'It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied,' COO says

Manchester University was hit last week by a cyberattack week, with the possibility that personal data was stolen by the attacker.

In a statement published on June 9th on the University's website, Patrick Hackett, registrar, secretary and chief operating officer, said: "Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied."

The attack happened on June 6th and relevant authorities including the ICO, NCA and NCSC have all been informed, Hackett said. The university and external experts are working "around the clock" to try to ascertain what data might have been accessed, he added.

No information about the suspected identity of the threat actors or the nature of the attack have been provided. However, according to the university, it does not appear to be connected to the recent spate of attacks attributed to the Clop ransomware gang.

"We have no indicators to believe that this incident is the work of the same or associated perpetrators of the hacks at MoveIT and Zellis," the university says on a FAQ page.

The Clop gang exploited a vulnerability in the file transfer web application MOVEit, which is used in the payroll suite Zellis, to infiltrate computer networks worldwide and steal sensitive information, resulting in the potential extortion of numerous companies across the globe.

On Thursday the gang threatened its victims, which include BA, the BBC, Boots and Aer Lingus, an ultimatum to pay a ransom within a week or see the publication of stolen data online.