[BreachExchange] Cyber attack on Swindon College network leaves staff and students' personal data at risk

Destry Winant destry at riskbasedsecurity.com
Tue Sep 17 10:14:02 EDT 2019


https://www.swindonadvertiser.co.uk/news/17904554.cyber-attack-swindon-college-network-leaves-staff-students-39-personal-data-risk/\\

HACKERS broke into Swindon College’s network in what staff called a
“deliberate and criminal” attack.

As well as current staff and students’ personal information, hackers
gained unauthorised access to data retained from those who attended or
worked at the college during the last eight years – sparking fear
among those affected.

The data breach happened at some point in the latter half of last week
and the college is working with the National Crime Agency to catch the
criminals responsible.

Chloe Webster, 18, is studying hair and beauty at the college. She
said: “This made me feel upset and very distressed and I am worried
about other people finding out where I live and my home number.

“These things can be dangerous. Someone who you don’t know could be
anywhere and can follow you. I am worried that someone could follow me
and get me beaten up quite badly.”

Principal Steve Wain told the Adver this was the first time the
college had ever experienced a cyber attack of this kind.

He said: “As soon as we became aware of the breach, we instigated our
major incident plan.

“We immediately contacted local law enforcement agencies, the National
Crime Agency and the Information Commissioners Office.

“The indication is that this was a sophisticated cyber-attack and that
our systems were deliberately and criminally accessed.

“We are working very closely with these agencies to limit any possible
impact and to put robust solutions in place to prevent any further
breaches.

“We are following all recommended procedures and processes and have
engaged external expert third party agencies who are supporting us.

“We informed staff and students of the breach as soon as we were
permitted to do so by the law enforcement agencies, to ensure they
were aware of the potential impact this could have and to provide
immediate advice on any action that may need to be taken.

“We recognise that this breach will understandably cause concern, and
we will do all we can to advise and support.

“We hope you will understand that we are unable to provide any further
information regarding the extent or nature of the attack at this stage
because it is a live criminal investigation.”

Bosses first notified students about the breach on Saturday morning
and kept the college open throughout the day so that anyone concerned
could speak to them face-to-face.

Hundreds of people shared the post and word quickly spread.

At this stage, the college is not able to confirm individually whose
data had been compromised but would be able to do so later this week.

Mr Wain promised to keep people updated as the investigation
progresses and urged anyone who could be affected by the data breach
to follow this advice to safeguard their digital identity:

- Contact their bank to identify if there is any suspicious activity
on their account and discuss with them what further action they
believe should be taken.

- Carefully read official information and guidance relating to cyber
security then follow the advice given.

- Helpful sources include fraud protection website
actionfraud.police.uk, identity theft support website ico.org.uk, and
guidance for staff and families on
ncsc.gov.uk/section/information-for/individuals-families

- Enable two factor authentication on Gmail email addresses via
google.com/landing/2step


More information about the BreachExchange mailing list