26 July 2019

IRM Weekly Cybersecurity Roundup: Lancaster Uni cyber-attack and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Lancaster Uni cyber-attack

Lancaster University became aware last Friday that they were victims of a sophisticated and malicious phishing attack.

lancaster uni cyber-attack phishing

Highly personal data of students and applicants including names, addresses, numbers and emails were stolen in the attack with another breach affecting the university’s records systems.

Along with the stolen data, there have been a number of fraudulent invoices sent to undergraduate applicants.

The students whose records had been stolen are being contacted and other applicants have been warned to be aware of any suspicious approaches.

A 25-year-old man, who has not been named, has been arrested for the Lancaster Uni cyber-attack and the National Crime Agency (NCA) continues to work with the university to find out more information. You can read more here.

02 to finally roll out 5G in October

02 is the last mobile network to roll out 5G in the UK. It intends to launch the next generation service in Belfast, Cardiff, Edinburgh, London, Slough and Leeds and by 2020 expand to a total of 50 towns and cities.

Although O2 will be the last to switch on 5G, it will be the only mobile network to do so without using equipment from the Chinese telecoms equipment-maker Huawei.

02 decided to opt for Huawei rivals Ericsson and Nokia after they trialled all three radio access network gear. “We respect all three operators, they were thorough in their submissions,” O2’s chief executive Mark Evans told the BBC. “But we were convinced that the best choices for us at this time are our current partners, which are Ericsson and Nokia.”

02 plans to focus on providing 5G to sites where capacity is stretched, such as train stations and venues, so consumers can expect faster download speeds and greater reliability throughout. You can read more here.

Equifax agree to pay $700m to US regulator after 2017’s data breach

Credit score agency Equifax failed to take basic steps to secure its network, exposing 147 million people records to the data breach. The stolen information included names, date of births, Social Security numbers, payment card numbers and expiration dates.

The Federal Trade Commission has fined Equifax $700m for their failure, with at least $300m going towards paying identity theft services and other related expenses run up by the victims.

Equifax suffered its hack after failing to patch a vulnerability that it was warned about in March 2017. They didn’t learn that their systems were exposed to attacks until four months later, when it was hacked.

The UK’s Information Commissioner’s Office has already issued the company with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during the same attack. You can read more here.

Quick-fire Updates:

Cyber-crimes in 2018 cost £2.3 million per minute: Over the course of 2018, cybercrime cost £1.2 trillion across the world. The cost per minute was £2.3 million up from £688,000 in 2017. You can read more here.

Samsung’s foldable phone to be re-released after screen fix: Samsung are to re-release their foldable phone after issues back in April of broken screens were reported. Read more here.

Citrix hackers used password spraying to breach their systems: The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators has confirmed. You can read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page or sign up to our careers newsletter for future roles.