Statement to applicants on Lancaster University phishing attack

Wednesday, 24 July 2019

Lancaster University data breach statement

Lancaster University announced earlier this week that it has been subject to a phishing attack which has resulted in breaches of applicant and student data.

The matter has been reported to law enforcement agencies and Lancaster University is now working closely with them.

Since the attack, Lancaster University has been made aware that fraudulent invoices have been sent to some undergraduate applicants and has alerted its applicants to be aware of any suspicious communications. Some applicants who have applied for Lancaster University and whose data has been breached have also applied to Oxford Brookes University, and so there is a possibility that the perpetrator(s) of the phishing attack may attempt to issue fraudulent invoices to them in the name of Oxford Brookes, as well as other universities and colleges in the UK.

Although we are not aware of any fraudulent invoices being sent in the name of Oxford Brookes, we would like to make clear that we do not issue invoices for payment ahead of enrolment and therefore any such approach should be ignored. 

Lancaster University is advising applicants to contact them if they receive any suspicious communications by emailing or calling 01524 510044.

Any applicants to both Oxford Brookes and Lancaster University who have concerns can also contact Oxford Brookes via before 12 noon on Monday 29 July, after which point the University is unable to liaise directly with applicants. Advice on what to do if you are a victim of online fraud can also be found on the Action Fraud website.

We would like to make absolutely clear that Oxford Brookes has not suffered a data breach and continues to have robust policies and procedures in place to protect applicant data.