Skip to navigation | Skip to main content | Skip to footer
Menu
Search the University of Manchester siteSearch Menu StaffNet

Cyber incident – your new daily round up

21 Jun 2023

A message from Patrick Hackett – how we will keep you informed as we continue to address the cyber incident

On Friday, 9 June 2023 we shared the news that the University has been the victim of a cyber incident. Our response to the incident is evolving every day and we will now update you on a daily basis through a StaffNet news item.

It’s hoped that by providing colleagues with this update it will give you the key information for each day and round up any other guidance you need. If we don’t have anything new to report, we will still let you know.

Please be assured that specialist teams are working 24/7 to address the issue and ensure our staff, students and partners are protected.

We ask that you continue to work as normal but remain vigilant and please continue to carefully consider the information you share. Advice on this can be found at:

We’d like to thank you all for your resilience and patience over past couple of  weeks. This is much appreciated by all SLT and PSLT at an already busy time.

Kindest regards,

Registrar, Secretary and Chief Operating Officer, Patrick Hackett

Today’s key information – 21 June 2023

Our approach

To protect our systems and data going forward we are taking two actions:

  • Firstly, we need to contain the impact of the incident;
  • And secondly, we need to protect our systems against future attacks.

Our recovery from this incident will take some time, with some areas being quicker to fix than others, and some being more of a priority for the University. This is all being considered when making decisions on what work takes place and in what order.

Experian Identity Plus

Today, you will have received an email from Adèle Mackinlay, Director of People and Organisational Development, about a free, 12-month subscription to leading identity protection service Experian Identity Plus for colleagues and postgraduate research students

Your activation code, how to activate your subscription, and a link to the Experian website are available within this email.

Experian – general information

The University is offering the Experian service to you, our staff and students, for 12 months as a precautionary measure. It is not an indication that your data has been affected. We’ll provide further updates as more information becomes available.

Experian is the largest of the three credit agencies operating in the UK, all of which receive their data from the same source (lenders). You should receive an alert if a new line of credit is opened from any of the three agencies, therefore you do not need to have accounts with each.

The service will remain available for the full period, regardless of whether staff or students leave the University.

Experian – details of security

Most modern organisations face a significant number of risks relating to the loss of information. Due to the nature of Experian’s business, they are no different. To defend their data, Experian has developed a best-of-breed security framework based around ISO27001; the cornerstone of which is their information security policy.

As well as their commitment to ensuring that their staff continue to meet Experian’s high standards, they have also made a significant investment in establishing a Global Security function to ensure that security is embedded within Experian’s day-to-day activities across the world.

Experian – USS

Any staff who set up an Experian account after the USS data breach do not need to set up another account – the same service (Identity Plus, Experian’s enhanced offer) is being offered in this circumstance.

If you have already taken up the Identity Service via the USS, you will be able to take The University of Manchester offer as an additional second year but will require a new activation code – the one sent during this period is valid for three months.

Where this applies, we ask colleagues to email wellbeing@manchester.ac.uk to let us know. In 12 months, we will make additional codes available to these staff members.

Virtual Private Network (VPN) – on campus only

The Virtual Private Network (VPN) connection will remain switched off until August.  This means that ‘remoting in’ to our University systems and services from off-campus is not currently possible. These systems are available from on campus, only.

Colleagues who require access to the VPN to perform some or all of their duties may be required to work more from campus during this period of time.

More details will be shared over the coming days.

You can read further details at:

Systems – what is affected, what is not

As we work through the incident we will need to update, remove and repair systems and platforms. Where possible we will give advanced notice of this, but some of this might take place at short notice and you may notice some disruption to your systems.

We are working to produce a single list which will be updated and posted on staffnet for your information. Updates from last week can be found at:

Pay – your pay remains safe

There is no evidence to suggest that bank or payment details have been accessed and colleagues should expect to receive their June salary as normal.

If you are still concerned, we would advise you to contact your bank for further advice.

Suspicious emails – remain vigilant

Some of you may have received emails purportedly from those behind the incident. All staff and students should be wary of opening suspicious emails or phishing attempts and report them to IT Services. You should not respond under any circumstances. We have emailed all staff and students about this.

Please be assured if staff or students are identified who have been personally impacted by this incident, they will be contacted through University channels.

Please carry on working as normal, unless advised otherwise, but please remain vigilant:

  • be wary of opening suspicious emails or phishing attempts and report them to phishing@manchester.ac.uk (sending the email as an attachment);
  • do not click any links in the email or mobile phone message;
  • do not reply.

If you see anything else suspicious, please contact:

Further guidance and support can be found at:

General information

Password reset

Over the coming days, you will receive a prompt to change your IT account password. This will come as a direct email from PJ Hemmaway, Director of IT Services, and will include reset instructions.
 
No action is required until you receive the email.

Wellbeing

Your wellbeing remains an important priority and support is available to colleagues and students who are worried about this incident.

Staff can speak to their line manager if they are worried. You can also find support at:

Students can visit:

Cyber incident guidance and support

All our information and support can be found at: