Accessibility navigation

Data breach at Lancaster and cyber security

Internet security

Colleagues may have seen the media coverage around a breach of undergraduate applicants’ data at Lancaster University. The breach followed a sophisticated and malicious phishing attack. Data from Lancaster’s undergraduate applicants for 2019 and 2020, including their names, addresses, telephone numbers and email addresses, as well as details of the other universities each applicant applied to, was accessed and fake invoices sent to some potential students.

From the information available, the fake invoices have been targeted mainly at international students.

There is nothing to suggest that a similar breach has occurred at the University of Reading, but a number of Reading UG applicants this year have also applied to Lancaster and consequently their data held at Lancaster may have been breached. So, as a precaution we are advising all of our shared UG applicants with Lancaster to be aware of any suspicious approaches via email or telephone requesting a payment and we have sent a message to this effect on Tuesday 23 July to relevant applicants. In the unlikely event of you or your teams receive communication relating to this, please forward it to

Our IT colleagues have been working on a range of activities as part of the IT Security Project to make our systems more secure. They are also considering the use of Multi-Factor Authentication to access key software programmes at the University. This would require a user to submit a code sent through as mobile text or in an authenticator app, along with their password, to log in.

In the meantime, we would like to remind users to be careful when they receive emails that look suspicious. Spam emails can be hard to spot, especially if they use ‘spoofed’ email addresses or pretend to be sent from an existing University system.

These emails can also be malicious, and opening links or attachments from them could put your work and personal information at risk.

We ask you to be vigilant and consider the following actions when opening email at work:

  • Never click on links or open attachments in unsolicited emails.
  • Email addresses can be ‘spoofed’ to look like an address you trust. Check the email address carefully, and if unsure, check with the sender.
  • If the email pretends to be sent from a specific system, check the email carefully – emails sent from the University will include clear sender details and branding (including University email signatures).

More information can be found IT’s Cyber Security webpages.

Page navigation

Search Form

Main navigation