Newcastle University confirmed in an email yesterday that the personal data of staff and students has been made available on the dark web. This includes students’ full names, user ID and a version of their University email address.
This follows reports that home addresses, personal email addresses and phone numbers of staff and students at the NUMed Malaysia campus have also been leaked. The email from Lucy Buckhurst, Newcastle’s Academic Registrar, makes no mention of this, and claims the University is unable to give further details.
“The University is continuing to investigate the full impact of the cyber-incident and it is not yet possible to provide any further information,” it insists.
The Tab has claimed that the files were leaked on 12 October by DoppelPaymer, a cyber crime organisation. It was DoppelPaymer that carried out the initial cyber attack on Newcastle University at the end of August.
The information was obtained from the University’s Global Address List (GAL), a digital shared address book which contains details about University personnel. This includes both staff and students.
The University has confirmed that the other student data leaked is the department or school at which students are enrolled, the course they are studying and their UCAS course number. The job titles and University landline phone numbers of members of staff have also been leaked.
The University became aware of a cyber incident on 30 August. Newcastle later confirmed it was an attack carried out by DoppelPaymer, which was holding the University to ransom.
The group used malware that was similar to software developed by another group called Evil Corp. Members of Evil Corp faced charges of conspiracy and fraud, and were sanctioned by the US Treasury last year.
The University may not be able to pay the ransom to DoppelPaymer without breaching these sanctions if the groups are shown to be linked.
In the email, Backhurst adds that “the University uses industry-standard tools and processes”, and says “we take the security of our systems extremely seriously”.
“This remains the subject of a Law Enforcement investigation. Our team in NUIT is working with these agencies to address the issue.”
Backhurst’s email also emphasises the need to stay vigilant against attempts at phishing. It advises students to delete any digital communication that doesn’t appear “genuine”, or to “check with the sender”.
It goes onto say, though, that students should not respond to the sender. It also recommends not opening attachments or links that they send.
The email ends “we apologise once again for any inconvenience this is causing. Our IT teams continue to work round the clock to investigate and resolve the issue and we will continue to keep you updated.”
Note: this article was amended on 10 November to replace the phrase ‘deep web’ with ‘dark web’. An explanation of the difference can be found here.
Featured Image: Wikimedia Commons
Last modified: 19th November 2020