Picture: Sharma ax

The University of Manchester has finally confirmed that the attackers behind a cyberattack revealed in early June stole data belonging to current alumni and students.

The University first revealed the attack on June 9, warning that data was likely stolen but said the incident had nothing to do with MOVEit Transfer data theft attacks.

On Tuesday, BleepingComputer first reported that the hackers behind the attack were sending emails to students claiming to have stolen 7TB of confidential student and staff data.

“We would like to inform all students, faculty, administration and staff that we successfully hacked the manchester.ac.uk network on June 6, 2023,” the threat actors said in the email.

“We stole 7TB of data, including confidential student and staff personal information, research data, medical data, police reports, drug test results, databases, HR documents, financial documents, etc. and more.”

BleepingComputer has contacted the University of Manchester about these emails, but has not yet received a response.

However, the University of Manchester has now confirmed that data was indeed stolen in the incident from a system used to help manage university student accommodation.

“Based on our investigations, we believe a small proportion of data has been copied regarding some students and alumni. We have written directly to those who may have been affected by this,” the university said. said.

“We understand this will create concern for some, but we would like to assure our community that our internal and external experts are working around the clock to continue to resolve this issue and our investigations are ongoing.”

According to an update to the cyberattack information page, attackers gained access to the following types of sensitive data:

• Names and contact details (address, telephone numbers and email address)
• University identification numbers
• Dates of birth and sex
• Nationality, domicile and ethnic origin
• UCAS number and fee status
• UCAS disability code (if applicable)
• For some students, the documents also included a summary of key communications or other documents relating to their university accommodation.

Some former students also had their names, contact details, university ID numbers, gender, dates of birth and basic program information.

“We have not identified any unauthorized access to bank account or card payment details – we do not store this information on the above systems,” the university said. said.

“We ask all staff and students to remain vigilant for any suspicious emails, including those that appear to be from those responsible for this incident. Do not respond to these emails in any way.”

The university said it is working with relevant authorities to investigate the incident, including the Information Commissioner’s Office, the National Cyber ​​Security Center (NCSC), the National Crime Agency and other regulatory bodies. .