Cyber incident - weekly round up

13 Sep 2023

This week's key information - 13 September 2023

Key information:

• University of Manchester Superannuation Scheme data breach (UMSS)
• Restoring remote access (VPN) for managed devices
• Experian identity protection offer due to expire
• Continuing vigilance to cyber security

University of Manchester Superannuation Scheme (UMSS) data breach

As part of our ongoing forensic investigation into the cyber incident, we have discovered that a proportion of data linked to one of our University pension schemes, UMSS (University of Manchester Superannuation Scheme), has been exfiltrated. The data relates primarily to active UMSS members, who we have written to explaining what information has been copied.

UMSS is one of our pension schemes for staff primarily on Grades 1-5. UMSS closed to new members in January 2019, therefore any colleagues that joined the University after this date will be in a different scheme and remain unaffected.

As with other impacted individuals, UMSS members are encouraged to take up the previously shared Experian Offer.

The University and UMSS Trustees are continuing to work together to minimise any risk and the Pensions Office are operating on enhanced alert to any potentially fraudulent activity.

If you have any specific concerns in respect of the UMSS incident, please get in touch with the University Pensions Office:

• Email: umss@manchester.ac.uk
• Phone: 0161 275 2043
• Location and opening hours: John Owens Building G0.29 – open Tuesdays and Wednesdays 10am - 3.30pm

Helpful links

• UMSS website: www.umss.co.uk
• Further guidance: https://www.thepensionsregulator.gov.uk/en/pension-scams and https://ico.org.uk/for-the-public and https://www.ncsc.gov.uk/guidance/data-breaches
• Experian offer - Experian identity protection offer | StaffNet | The University of Manchester

Restoring remote access (VPN) for managed devices

An update on the phased restoration of remote access to our internal networks was published last week.

• Read: Restoring remote access (VPN) for managed devices

Experian identity protection offer due to expire

• Read: Experian identity protection offer

Colleagues and postgraduate researchers wishing to take advantage of the free 12-month subscription offer to Experian’s identity protection service are reminded to subscribe by Saturday, 30 September, at which time the offer will expire.

All PGT and undergraduate students have also been offered access to the Experian IdentityWorksSM. Package.

The Experian Identity Plus service monitors personal information for certain signs of potential identity theft, and can detect possible misuse of your personal data.

The offer email was sent from The University of Manchester on 21 June 2023. If you are unable to find the email sent to you with your unique code, please contact wellbeing@manchester.ac.uk for more information.

Continuing vigilance to cyber security

Whilst we can confirm that the cyber criminals have now been eliminated from our internal networks, continued forensic investigations will continue to progress over the next few months to explore the devices and systems that may have been compromised.

We are continuing to contact colleagues whose devices have been affected to investigate further. If you are one of these colleagues, please be assured that this is through no fault of your own, but do prioritise the requests from our Information Governance Office (IGO).

You will be contacted by the IGO if your device or files have been affected by the cyber assault. You do not need to contact them first.

All colleagues and students are advised however to continue to be vigilant of suspicious emails or phishing attempts and report them to phishing@manchester.ac.uk (sending the email as an attachment). Further advice on this is available on the IT Services website.

Cyber incident guidance and support

All our latest information and guidance, including wellbeing support and FAQs, can be found at:

• https://www.manchester.ac.uk/cyber-incident/

For any additional queries, please contact: Information.assurance@manchester.ac.uk

Wellbeing

We recognise that for a number of colleagues, the cyber incident is continuing to add additional demands to their normal workload or impacting usual hybrid working arrangements. We are keen to support and maintain wellbeing across affected teams.

We would encourage individuals to speak to their line manager with any wellbeing concerns in the first instance. 

• Further information on wellbeing support is available on the StaffNet wellbeing pages.
• You can also contact wellbeing@manchester.ac.uk for more information.