The Office of the Data Protection Commissioner has been formally notified of a recent data breach at UL
MORE THAN 240 student email accounts at the University of Limerick were compromised as a result of a phishing scam that directed students to share their personal login details with a fake website.
The Office of the Data Protection Commissioner has been formally notified of a recent data breach at the university that saw 243 UL student email accounts compromised after a series of external phishing emails were sent to students.
These emails contained messages like ‘Verify Account’ or ‘Unusual Login Attempt’ and requested students click a hyperlink which then transferred to a fake non-UL hosted website.
Students were then asked to enter their username and password for ‘verification purposes’.
Once the UL Information Technology Division (ITD) became aware of the issue, immediate steps were taken to halt the further circulation of the emails, a UL spokesperson confirmed.
“ITD disabled all affected student accounts and all affected students were contacted and provided with instructions to contact IT services in order to regain access to their accounts.”
“Once the university’s ITD became aware of the problem, a process was immediately initiated to identify the cause and extent of the incident, the steps required to halt the further circulation of the phishing emails and the steps to be taken in order to provide all necessary assistance to affected students.”
“The university takes these matters seriously and in line with the Office of the Data Protection Commissioner’s Code of Practice for Data Breaches, the university formally alerted that Office of the phishing event plus all steps that have been taken by the university to respond to this matter.”
“The university’s ITD has undertaken a review of issues arising; continues to monitor the matter closely and continues to provide assistance to all students as a priority,” the spokesperson added.