University of Northampton 'severely impacted' by cyber attack
Latest in a series of attacks on educational establishments
The University of Northampton has suffered a cyber attack that resulted in the disruption of its IT services and telephone systems.
In a message posted on Twitter, the university said that it had been "working across the network to resolve the issue" and was "sorry for the inconvenience caused", promising to provide an "update as soon as systems are up and running again".
According to the BBC, the breach occurred on 17 March, following which Northamptonshire Police and the Information Commissioner's Office (ICO) were notified about the incident.
The police and external cyber security experts are currently investigating the incident.
A spokesperson for the university told BBC the university had been 'severely impacted' and that "IT forensics investigators" were advising the university IT staff on how to restore services.
"The full facts of the situation have not yet been established," the spokesperson added.
Meanwhile, temporary workaround solutions have been rolled out by the university to support staff and students.
The university said that it takes "the safety and security of our information as well as the continuity of our systems and services extremely seriously" and will continue to take all appropriate measures to protect the organisation against cyber attacks.
The university highlighted that cyber attacks targeting educational institutions are on the rise "as criminals target educational establishments with no regard to the disruption to teaching and learning such attacks cause".
A Northamptonshire Police spokeswoman said that it was working with the National Cyber Security Centre to support the university and investigate this attack.
The incident is the latest in a series of cyber attacks on educational institutions in the UK in the past few months.
Last week, South and City College in Birmingham said that it had been hit with a "major ransomware attack" affecting many of its core IT systems.
Earlier this month, Queen's University in Belfast said that it had to suspend access to many of its IT systems as a precautionary measure following an attempted cyber incident.
In May last year, nearly 20 UK-based universities and charities suffered a global ransomware attack that targeted US-based cloud computing provider Blackbaud. The institutions affected in the attacks included the University of York, University of London, University of Leeds, University of Reading, Oxford Brookes University, Loughborough University and University of Birmingham.
In September, Newcastle University also came under attack from cyber criminals who threatened to expose personal data of students and staff unless a ransom was paid.
Following those incidents, the NCSC, in co-ordination with the Joint System Information Committee (JISC), issued an alert and guidance for colleges and universities, advising them to implement a 'defence in depth' strategy to defend their systems and networks against malware and ransomware attacks.
"Your organisation should also have an incident response plan, which includes a scenario for a ransomware attack, and this should be exercised," the advisory said.
Earlier this week, the NCSC published another alert to warn education establishments of an increase in ransomware attacks since late February.
"There is no reason to suspect the same criminal actor has been behind each attack, which have caused varying levels of disruption, including targeting school financial records," the agency stated.
Paul Chichester, Director of Operations at the NCSC, said: "Any targeting of the education sector by cyber criminals is completely unacceptable."
"This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted."
"We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents."