UK Universities Data Breach

2.2 million credentials linked to the UK’s top 100 universities have been found on the dark web by security researchers. The breach puts the data of staff and students at risk as threat actors may be able to access users accounts with compromised credentials.

The breached credentials included emails, usernames and passwords.

57% belonged to Russell Group Universities which include the University of Edinburgh, the University of Glasgow, as well as larger universities like the University of Oxford and Cambridge. 

This is a stark reminder that universities are at high risk of major cyber security incidents and data theft.

Universities face several challenges in securing their networks just in sheer numbers of users, as there were over 2.5 million staff and students in UK universities in the 2022-2023 academic year, with 700,000 students coming from outside the UK. 

54% of breached credentials were from universities with research facilities. 

20% of breached credentials came from universities in London, followed by 13% coming from the South East England, and 12% from Scotland.

Romano Security Consulting recommend the following when setting up and maintaining secure passwords::

•  Utilise 2FA (Two Factor Authentication) on all user accounts.

• Enforce complex password policies or utilise password management systems such as 1Password, ensuring passwords are unique for each system and application.

• Employ third-party monitoring tools that track stolen credentials automatically, alerting organisations and users of potential password breaches.

• Provide users with regular cyber security training.

Get in touch to find out how we can help improve the cyber security of your business.