Cambridge University Press & Assessment (CUPA) has said it has suffered a “cybersecurity incident”, and said a hacking group has claimed to have published stolen data online.
The breach forced CUPA – the publishing arm of the university – to take some of its systems offline as “a precautionary measure” which it said it is working to restore “as quickly as possible”.
The incident occurred in early June, and CUPA said it has worked with forensic experts following the breach. It added that most customer-facing platforms remain live, and there has been no impact on exams.
It further warned it had become aware that a hacking group had claimed it had published CUPA data online. A spokesperson said: “We are aware that a group has claimed that data relating to our organisation has been published online. We are working to investigate with external experts and authorities, including the UK’s National Cyber Security Centre.
“Our experts have advised that the investigation will take some time to complete, and we will continue to provide our colleagues, customers and stakeholders with updates as soon as we can.”
Reports have emerged that the breach was carried out by cybercriminal group INC Ransomware, after the group released information related to the attack on its blog on 24 June, including stolen documents as evidence of the hack.
Separate hacker group Anonymous Sudan previously took responsibility for a cyberattack on the University of Cambridge in February, which impacted internet and email access.
The BBC reported at the time the university had been attacked by the group “because of the UK’s continued support of Israel”, and that it targeted Cambridge and the University of Manchester, which was also affected, “because they are the biggest ones” it could find.
UK universities have become major targets for hacking groups owing to the large amount of sensitive data they hold around students and academic research.
Figures from the Department for Science, Innovation and Technology last year found that 85 per cent of UK universities had identified breaches or attacks within the previous 12 months, noting that the proportion being attacked had not changed much since 2020, when the survey began.
