Under penetration testing, Jisc – the UK provider of ICT services for the education sector, said there was a 100 percent track record of gaining access to high-value data within two hours.
“Lancaster University has been subject to a sophisticated and malicious phishing attack which has resulted in breaches of student and applicant data,” said the university.
“The matter has been reported to law enforcement agencies and we are now working closely with them.”
It said that there had been two breaches of data.
The first breach concerned undergraduate student applicant data records for 2019 and 2020 entry.
The university said that it acted as soon as it became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation.