Over 1,000 Times Data Breaches at UK Universities According to FOI Request

UK’s Foreign Office Data Targeted by the Callisto Group

According to an FOI (Freedom of Information) request; data has been breached over 1,000 times at UK universities, and has led to the theft of valuable information by foreign governments. This included over 500 breaches/attacks at esteemed universities such as Oxford and UCL (University College London).

Queen Mary, University of London, informed The Times, that it had prevented a staggering number of attacks – almost 40 million – while another institution claimed that it sustained at least 1000 attacks a month. This institution chose to remain anonymous.

University staff traced the attacks to nation-states – specifically, China and Russia. Experts agree that the UK needs to step up their cybersecurity. The hackers were looking for scientific research – including military applications for stealth technology, and information on new types of fuel and batteries.

Obviously, this information is not only important to universities but to the UK as a nation-state as well. Elite universities are traditionally where the youngest and brightest citizens attend to educate themselves, so they become natural targets in global cybersecurity warfare.

Anton Grashion, a director at Cylance, a cybersecurity firm, added that the university networks were so complex, that often the security budget takes a backseat to more organization and bureaucratic aspects of universities – namely, separating the networks between faculty and students.

He specifically pointed out that hackers tend to look for means, motive, and opportunity – going on to elaborate that the means and motives with rival nation-states already exist, but that a unique opportunity exists when it comes to UK universities – often a weak link when it comes to scientific research in comparison with government institutions, which are more secure, and obviously more prepared for cyber security attacks.

With nation-states, the means and motive already exist – the motive being that they want to ensure that their country is on the cusp of military intelligence, and the means being that they can. This kind of cybersecurity warfare is constant between foreign governments, but the addition of universities into the realm of cybersecurity warfare is relatively new.

This is all different from last year when the University of Greenwich had a data breach. It was revealed that in this situation, in 2016, it was a “revenge hack” from a former student – who went on to post personal information about students, even going so far as to reveal mental health records. The story even gained attention on Twitter. However, the hacker did manage to get access to the university’s website, stealing personal and confidential data, and uploading this data to the internet. These details were quickly removed by the university.

Clearly, nation-states hacking universities regarding the latest research is a problem of a different caliber. Henry Seddon, VP at DuoSecurity, added that not only should security updates be constant, but that faculty and students should both be vigilant and kept up to date with the latest kind of “phishing” tactics that hackers use to breach networks.