Over 4,000 University of York students targeted in “malicious” data breach

Data on thousands of students at the University of York has been accessed in a “malicious” data breach.

Hackers “directly accessed” the administrative records of 88 students and were able to view “some private information”.

They also accessed “very basic data” on a further 4,400 students where “less detailed” information was downloaded by the hackers.

In a statement, the university clarified: “There was no access to any financial information or other sensitive data.”

They added: “We are not aware of any students being subject to further targeting, such as attempted fraud, as a result of this data being accessed.”

The university has reported the breach to the Information Commissioner’s Office (ICO) and is liaising with the National Crime Agency (NCA). The incident is under police investigation.

A NCA spokesperson said: “We can confirm we have been in contact with the University of York about a compromise of their systems.

There was no access to any financial information or other sensitive data

– University of York

“Investigations into this incident are ongoing so we aren’t able to comment further at this time.”

The university is in the process of contacting the 88 students affected by the breach.

Last week, there was a “sophisticated and malicious” phishing attack at Lancaster University which used information to send “fraudulent invoices” to undergraduate applicants.

“A very small number” of applicants records for 2019 and 2020 entry were made vulnerable, which included names, addresses, telephone numbers and email addresses.

Since then, the university has “focused on safeguarding (their) IT systems and identifying and advising students and applicants who have been affected”.

The news comes as it was revealed by Buzzfeed that the Department for Education (DfE) retains data regarding sexual orientation and religious beliefs of over three million people.