Issue 1823 News

Imperial College launches investigation into February cyber attack

Information accessed included names and details of money owed by some students to the College. Students affected have already been contacted.

Imperial College launches investigation into February cyber attack

Imperial College London has launched an investigation into a cyber-security attack on its IT systems which took place in February. Confidential information was accessed, including the names and courses of some students, and details of money they owed to the College. However, no student bank details or passwords were obtained. 

All of the affected students were emailed by Imperial’s Student Credit Control team at the beginning of this month and informed of the breach. “We have identified all of the information that was potentially accessed and have secured this data,” reads the email. “We have also blocked the external account from accessing any College systems, as well as launching an investigation into the potential data breach… Your password and your own banking details should be safe.”

The College believes that the purpose of the attack was to obtain information about its debtors, with the aim of writing to organisations to trick them into paying money owed to Imperial into a fraudulent account.

 “We are aware that at least one College supplier has received correspondence along these lines,” the email continues. “That supplier was suspicious of the correspondence it received and alerted the College to this attempted fraud.”

Imperial informed the Information Commissioner’s Office, the UK regulator for data protection, which has since confirmed that it is content with the College’s response and will take no further action. 

The College is reviewing its security measures and systems in light of this incident to see if there are any actions that could make a similar incident less likely in future. It has urged all College members to report suspicious activity on their accounts and only click on links in messages from trusted sources. 

An Imperial College London spokesperson said: “As soon as we became aware of this malicious attack, we took swift action to protect our security systems and students’ data. We have identified and secured all of the information that was potentially accessed and have contacted all students affected by the breach.”

Students with concerns can contact the ICT Security team: Level 4, Sherfield Building, South Kensington Campus, it-security-officer@imperial.ac.uk or +44(0)207 594 6966.