Criminal investigation launched following college cyber attack

Cyber criminals have hacked into the personal data, and potentially bank details, of students and staff at Swindon College, in the latest computer crime to affect a further education institution.

A statement from the college says the data breach happened in the latter half of last week, and it has affected both past and present students and staff, but the college has not confirmed how many.

Swindon College’s phone lines were offline as a result, and its website has been updated with the college’s logo and a message saying: “Important announcement for staff, former staff, current and former students and apprentices. Data breach – immediate action.”

The college’s statement said: “Swindon College’s network system has been subject to a targeted cyber-attack this week that has resulted in unauthorised access to personal data”.

“You are potentially at risk,” it reads before it advises people to contact their bank to find out of there is any suspicious activity on their account.

The college will be able to contact anyone who has been personally affected by the breach early this week.

The breach has reported to the Information Commissioner’s Office and the National Crime Agency, however officers from Wiltshire Police’s digital investigations and intelligence unit are investigating the cyber attack rather than the agency.

A spokesperson for Wiltshire Police said the crime was reported on 12 September, and “enquiries are currently ongoing”.

An ICO spokesperson said: “Swindon College has reported an incident to us and we will assess the information provided.”

This is the latest act of cyber crime to affect an FE college, after South Staffordshire College fell victim earlier this month to an ‘ethical hacker’, who, the college claimed sent emails doctored to include a racist word to media, staff and a local councillor.

Following the hack, principal Claire Boliver said: “The contents of the email with an alleged racist remark is fabricated.  There is clear evidence that proves the email has been edited.”

Police have been investigating the case since.

In June, fraudsters hacked into the email account of Lakes College principal Chris Nattress and sent a link to his contacts to “review and sign”, in what is known as a phishing scam.

The ESFA released guidance for colleges on phishing scams, where a criminal will be disguised as a trustworthy source in an electronic communication to trick people into giving them their personal details.

Computer users, the ESFA advised, should ensure they have firewalls, strong passwords and anti-virus software in place, be alert to emails containing seemingly legitimate links, and check whoever sent the email is genuine before the user sends them passwords, data, or payment.

Users have been asked to email fraud.reports@education.gov.uk if they become aware of any phishing attempts.

If you have you been targeted by this scam, send the ‘phishing’ emails you have received to news@feweek.co.uk.