Cyber incident
Last updated: Friday, 10 May 2024.
During the week commencing 6 June 2023, we found out that the University was the victim of a cyber attack. It has been confirmed that some of our systems have been accessed by a criminal entity.
Our ongoing cyber investigations continue to explore where data and individuals have been impacted, and we are communicating with all those affected in the most appropriate way, offering them advice and support.
Information about the copied data is available in the data accessed/services affected section.
This page contains University guidance for our staff and students and is being reviewed and updated on a regular basis.
University response
We declared a cyber incident when we became aware of unauthorised activity on the network.
We promptly reported the incident to the relevant authorities who we are working closely with, including the:
- Information Commissioner’s Office;
- Office for Students;
- National Cyber Security Centre;
- National Crime Agency.
University guidance
- Information for staff and students
- Information for applicants and offer holders
- Data accessed/services affected
- GlobalProtect VPN and hybrid working
- Wellbeing
National Cyber Security Centre guidance
- Data breaches: guidance for individuals and families
- Phishing: Spot and report scam emails, texts, websites and calls
Contact us
Please do contact us if you have any questions.
Staff and student email: information.assurance@manchester.ac.uk
Alumni email: alumni@manchester.ac.uk
Information for staff and students
Last updated: Tuesday, 27 February 2024.
We’re advising our staff and students to continue working as normal unless advised otherwise, but please follow the advice on this page where required.
Problems logging into University services?
If you are having trouble logging into University services it may be that your password has been reset.
To regain access, visit the IT Account Manager and follow the ‘Account recovery’ process to set a new password.
If you have changed your password and still cannot log in, please first check your devices for any stored passwords and ensure you update them.
If you are having difficulty you will need to contact the IT Support Centre.
Additional information
- After setting your new password, change your eduroam WiFi settings on all devices (including mobile phones) to account for your new password. Help is available on our changing your password webpage.
- Stored passwords must be updated – if you use a password manager, for example. Log out and then back in again with your new password for Microsoft 365 apps such as Outlook and Teams.
- If your device repeatedly tries to log in with your old password, you may be locked out of your account for a short time.
- If you are off-campus log in with your old password until you connect to the network on campus, when you can use the new password.
I am not receiving University email communications, what should I do?
This may be because you have unsubscribed from University communications sent via the University’s emarketing system.
If you think this might be you and you’d like to resubscribe, please email information.assurance@manchester.ac.uk and the team will pass your enquiry on to the appropriate staff or student support team.
Some staff and students have received emails purporting to be from the people behind the cyber incident. All staff and students should be wary of opening suspicious emails or phishing attempts and report them to phishing@manchester.ac.uk (sending the email as an attachment). This should not be interpreted as an indication that your data has been affected.
More advice on phishing is available on the IT Services website.
You can also contact the IT Support Centre: 0161 306 5544.
Please do not create extra backups that you would not usually make (including on USB drives).
This is because extra data transfers may affect the very high level of monitoring on the network.
There is no restriction on uploading data – the downloading restriction is because there is a requirement to do so in response to the incident.
IT Services may push new software installations or software updates to your University computer without prior communication. This will happen when you are on campus and connected to the University network either via a wired connection or via eduroam WiFi, or when you are connected remotely using the GlobalProtect VPN.
After software updates are applied you may be required to restart your computer. If you have any concerns about your computer, please contact the IT Support Centre.
Further improvements have been made to the University's email filtering system with the introduction of a twice-daily digest email. This is a summary of quarantined emails that you can review and release on a self-serve basis where you believe them to be legitimate emails. If no emails have been quarantined in the past 12 hours, you will not receive a digest email.
Other functionality
- Links in the body of emails sent from outside the University might look a little different. The system amends links to initially redirect via its ‘URL defense service'. URL defense verifies that links are legitimate and safe. When you hover over a link it will have ‘https://urldefense.com/v3/’ at the beginning of it. This routes the link via the filtering system for an additional safety check. If at some point in the future a link is identified as malicious, you will not be directed to the website.
- You may see ‘email warning tags’ on emails from untrusted sources. This warning will appear at the top of the email.
There’s more information about the email filtering service on the IT Services website.
As part of addressing and resolving issues arising from the cyber incident some of our systems are temporarily unavailable, including My Manchester.
Visit our Student Support site where we have collated information and links to the systems and processes previously accessible through My Manchester.
At present, all systems are operating as normal. A number of systems briefly went offline as part of the response and were restored as soon as possible where there was a potential life safety issue.
In the event of a door system failure, all doors will remain secure. Our door controls operate on a separate network, independent of the main IT system. While most staff ID cards (required for access to most buildings and offices) will work without any issues, a small number of users may experience temporary disruptions. This will be managed on an ongoing basis.
No data can be obtained from staff ID cards. We will inform you of alternative measures or arrangements should any system failures occur.
We understand that our colleagues, students and partners are rightly concerned about this current incident and we want to reassure you that we are trying to answer as many of your questions as quickly as possible. We have established a dedicated email address and specialist team to help ensure we respond to queries quickly and appropriately, and in a way that enables us to provide links to relevant information, guidance and support.
We will continue to update that information on this site on an ongoing basis. Please do check your email, StaffNet or student news for updates.
You may have received a communication from us addressed to alumni and supporters – but you aren’t either of those. This is because we have contacted those for whom we have a record on our relationship management system, the Raiser’s Edge database, regarding the cyber incident.
We hold a record for those who have supported the University to achieve its goals and who have studied with us – for instance, if you have attended an event or have been invited to an event the University has delivered, if you have given a gift to one of our causes, volunteered with us, if you’ve received support from us, or have studied with us at some point.
We have a dedicated Privacy Notice that includes details about the categories of data that are potentially contained within the system (although we do not hold information in each of these categories for all individuals), and which might have potentially been affected. The list is under the heading ‘The personal information we hold’.
While we have identified that your information may have been affected, we are currently unable to confirm to what extent (if any) your specific data has been involved.
Donations and payments
We can confirm that making a donation or payment to the University remains safe and secure. If you make a donation or payment to the University online, your transaction will be processed immediately via a secure third-party partner, and your card/bank details will not be stored by The University of Manchester. The easiest way to donate is via our online giving page.
If you would like to make a donation by sending a cheque in the post, or by making a bank transfer to the University, you can continue to do so securely. Please get in touch if you would like further details about either of these payment methods.
Note for all former staff and students
If you left sensitive personal information on a University shared desktop computer, please email information.assurance@manchester.ac.uk
Alumni and supporters
Last updated: 1pm on Friday, 4 August 2023.
We have identified that the third party has accessed a system used for the University’s activities involving alumni and supporters.
We have a dedicated Privacy Notice for these activities, which includes details about the categories of data that are potentially contained within the system (although we do not hold information in each of these categories for all individuals), and which might have potentially been affected.
We have not identified any unauthorised access to bank account or card payment details – we do not store such information on the alumni and supporter system.
We will continue to do all we can to ensure you are supported appropriately and kept up to date on relevant developments in our response to this incident.
- Support staff can be contacted using our dedicated email address: alumni@manchester.ac.uk
The University is conscious that there is a small risk of identity fraud. Additionally, the criminals responsible for this cyber incident may seek to use it to deceive you and cause you to share sensitive information or download malware.
As such, we encourage you to be extra vigilant, particularly in relation to potential phishing attacks, as cyber criminals may use contact details (such as address, email, text, phone numbers) and other personal information they may have accessed. Cyber criminals often pretend to be someone (or an organisation) you trust.
If you have any doubts about a message or any communications purporting to be from an organisation such as a bank, please contact the organisation directly. In such circumstances, please do not use the numbers or address in the message – use the details from their official website instead to be sure. Remember, your bank (or any other official source) will never ask you to supply personal information via email, nor will they call and ask you to confirm your bank account details.
Therefore, please:
- do not respond to unsolicited calls, texts, emails or other messages – and do not click any links in such messages.
- do not provide your passwords, financial information or other personal information to any third parties, unless you have contacted them using their official details, as mentioned above.
Additional sources of information
We have included the below links to additional resources on the National Cyber Security Centre's website, which you may find useful by way of further guidance and information:
Applicants and offer holders
Last updated: Tuesday, 13 February 2024.
Applicants and offer holders do not need to take any action.
We will inform you if we need to tell you anything else by email.
We are working hard to minimise any delays and give you enough time to apply for a visa. There is no requirement for you to contact your admission team or the immigration team for an update. We will contact you if we need to tell you anything about your CAS status.
We will contact you directly by email when we need you to complete your Right to Study check. If you have been contacted previously to complete this via My Manchester, you will be contacted again with details of the new process.
You can still complete your assignment on Blackboard.
Email Manchester Distance Access Scheme if you encounter any problems.
Email the Manchester Access Programme team if you are a MAP student and have any questions.
The University of Manchester is no longer accepting new Clearing applications.
If you have received your results, you will be notified via your UCAS Hub of the decision on your application.
Please refer to our receiving results page on what results we automatically receive from UCAS, and our offer-holder next steps page for further advice on what happens once we have received your results.
As part of addressing and resolving issues arising from the cyber incident some of our systems are temporarily unavailable, including My Manchester.
We have collated information on what you can do while My Manchester is unavailable on our My Manchester unavailable page. Please refer to this page for further guidance.
If you are a current student of the University, further detail on how you can access University systems while My Manchester is unavailable can be found on the Student Support site.
Student accommodation
Last updated: Tuesday, 13 February 2024.
We are pleased to announce that the accommodation portal is now available to make applications, view, and accept accommodation offers.
Please log in at Apply for accommodation at The University of Manchester.
If you had been made an offer but were unable to accept because of the cyber incident, the expiry date has been extended to enable you to complete the process. See Receiving your accommodation offer at The University of Manchester for more information.
If you are waiting on confirmation that you have met the conditions to study, there is nothing to do at the moment. As soon as we know you have met your conditions to study, we’ll send you an accommodation offer.
If you have applied for accommodation and want to change your hall preferences, please log in via the accommodation portal to make these changes.
Please note that changes can only be made until Monday, 14 August 2023 to allow the accommodation office team to process them.
If you are applying for a student visa, you do not need to know exactly where you will be living in the UK when you complete the visa application form online. If you already have plans for your accommodation in the UK you can include the details.
Please download the PDF guide to completing the online visa application form for further details.
If you are in the process of making travel arrangements, your airline may ask you to provide your passenger information before you travel. This is known as Advance Passenger Information (API) and is either taken at the time of booking or check-in. If you are asked for this information when booking your travel but do not know where you will be living during your studies, you can provide an expected address for your first night in the UK, for example the address of a hotel, friend, or family member in the UK.
Please be aware of the risk of booking non-refundable flights before you are granted your visa.
Our advice is to not book flights until you know you have secured accommodation.
We are unable to accept early arrivals into halls of residence. The majority of University accommodation agreements do not generally commence until mid-September.
Data accessed/services affected
Last updated: Tuesday, 13 February 2024.
Our ongoing cyber investigations continue to explore where data and individuals have been impacted, and we are communicating with all those affected in the most appropriate way, offering them advice and support.
We have identified that the third party has accessed the system used to help manage student accommodation. Basic profiles are created for all University of Manchester students, which are augmented if those students make an application for University accommodation. The categories of data contained within that system that have potentially been affected are:
- Name and contact details (address, telephone numbers and email address)
- Name and contact details (address, telephone numbers and email address) for next of kin
- University ID number
- Basic programme information (such as programme name, level of study and status (for example, registered/interrupted))
- Date of birth
- Gender
- Nationality, domicile and ethnicity
- UCAS number and fee status
- UCAS disability code (where relevant)
For some students, the system also includes a summary of key communications or other records relating to their university accommodation.
We have also identified that the third party has accessed a system used for the University’s alumni activities. A profile is created on that system for current University students and it contains the following details:
- Name and contact details (address, telephone number and email address)
- University ID number
- Gender
- Date of birth
- Basic programme information (such as programme name and start date)
We have not identified any unauthorised access to bank account or card payment details – we do not store such information on the above systems).
There is no reason for colleagues to be concerned about their pay. We are confident regarding the ongoing processes of payroll.
Please see the IT Services service availability page for the latest status updates on services and system availability:
Where necessary, we have restricted systems and accounts in a variety of ways. We continue to monitor the situation and respond accordingly.
Because of the incident, IT Services' levels may be impacted and delays to services are likely.
You should use eduroam, the University’s WiFi service, as normal.
If you have changed your University password, you must change your eduroam WiFi settings to account for your new password, on all your eduroam-connected devices (including mobile phones). Information on how to do this is available on the changing your password web page.
Your home WiFi should remain unaffected by the cyber incident.
There is no evidence to suggest that Isilon data has been affected.
MyView is back up and running, including the document attachment function.
We are currently experiencing issues with our automatic toner replacement service. While this service is down, staff should contact the Xerox Service Desk on 020 2388 5086.
Printers in the PC clusters across campus are managed by IT Services. If you need help or support visit: Help and support (The University of Manchester).
The University continues to actively manage the response to the cyber incident. We are undertaking forensic investigations and carefully reviewing the impact of the incident.
If during our ongoing investigations we suspect that further data has been compromised, we will ensure that those people are informed. We have published what data has been accessed in the ‘Data accessed/services affected’ section of this website.
The University has published guidance on research data storage and current practice, which includes the use of OneDrive. This was produced as guidance while the VPN is off, but is applicable more generally.
We also have some guidance on managing very sensitive or highly restricted data: Secure Collaboration and Document Storage Guidance (SharePoint).
We have suggested to data-sharing partners that, where University members have access to their networks and systems using a University email address, they force a password reset and, if possible, introduce multi-factor authentication as part of the login process in line with best practice.
While the VPN is switched off, eProg, eThesis and the Training Catalogue are all currently accessible on and off campus. Anyone experiencing access problems should submit a support request through the IT Support Portal.
For additional support with eThesis, please contact the library.
If you are impacted by the VPN being switched off and need to come on to campus and require temporary accommodation, the University has worked with the following reputable providers who may offer short-term lets: Weston Hall, Denmark Road, Brook Hall, Daisy Bank Hall, Manchester Gardens, Park View, Rusholme Place and Wilmslow Park.
Study spaces are available in the Library and the Alan Gilbert Learning Commons, but there are also several other areas available for study across campus:
- ‘The Study’ on the top floor of Manchester Museum (open daily, 10am - 5pm)
- The Atrium on the first floor of University Place (open Monday to Friday, 9am - 5pm, or 10am - 4pm during vacations)
- Art and Archaeology Library on the 4th floor of the Mansfield Cooper Building (open Monday to Friday, 9.30am - 7pm)
- John Rylands Library (open Tuesday to Saturday, 10am - 5pm and Sunday to Monday, 12pm - 5pm)
- Kantorowich Library on the ground floor of Humanities Bridgeford Street Building (open Monday to Friday, 9.30am - 7pm)
- In the School or Arts, Languages and Cultures, there are PGR computer clusters available in the Ellen Wilkinson Building in Room CG.18, C1.17 and C1.20
- In the Faculty of Humanities, desk space can be requested by contacting: hums.doctoralacademy@manchester.ac.uk
- In the Faculty of Biology, Medicine and Health, the PGR Hub is available in the Stopford Building, 3rd floor; and
- Manchester Central Library reading room, St Peter’s Square (3.45/5) (open Monday to Thursday, 9am – 8pm and Friday to Saturday, 9am – 5pm)
All the Library’s contents, books, e-books, journals, databases, articles and media are listed and searchable without being connected to Global Protect VPN via Library Search.
To access the Library’s electronic resources, users will be directed to the University Login Service page and asked to input their University username and password.
Further details can be found on the Library’s resources page.
Linux computers must be patched to ensure they are compliant. On this occasion, we do not believe that Linux computers have been affected.
The stock of IT equipment is currently limited given the need to forensically examine and then rebuild some of the IT estate.
We are sorry for the delay this may cause in issuing new equipment to members of the University and are working hard to resolve the situation. We really appreciate your understanding as we work through this.
GlobalProtect VPN and hybrid working
Last updated: 3pm on Friday, 10 May 2024.
The VPN is now available to all staff and students.
Updated instructions and information can be found on the IT Services website: IT Services: Virtual Private Network.
I require GlobalProtect VPN access to carry out some or all elements of my role. Do I need to come on to campus?
The removal of off-campus VPN access will impact a significant number of colleagues across the University, the extent of which will depend on the nature of their role and/or duties. Colleagues are required to spend more days working on campus if needed to carry out some or all of their duties.
Colleagues are advised to speak to their line manager, to establish to what extent their day-to-day duties are impacted by the lack of VPN access and whether it is necessary for them to attend campus or not, on days they might normally work remotely.
To ensure we can maintain our services, if there are elements of your role that need to be fulfilled and which cannot be done remotely, then you will be required to attend campus to fulfil these.
Those colleagues who may struggle to attend campus on each or any of their working days should speak with their line manager to understand what temporary arrangements may be put in place.
I am unable to attend campus for some of my working days due to pre-existing wraparound childcare arrangements or other caring responsibilities, what should I do?
We understand that our approach to hybrid working enables many of our colleagues to successfully balance their childcare or carer responsibilities, alongside their job, with little to no impact, but that the removal of VPN access may have potentially caused some immediate challenges.
If you are impacted by such challenges, please speak with your line manager to discuss what limitations this may place on your ability to fulfil your normal duties, eg you may need to leave work earlier than normal to collect your child(ren). While we ask all colleagues to continue with their best endeavours, line managers must consider that adjustments to working practices may be required on a temporary basis and that everyone’s personal circumstances will be different.
My line manager has asked me about my current caring responsibilities, do I have to disclose them?
It is not unreasonable for your line manager to ask you to talk through your current childcare/carer arrangements if you are citing difficulties in balancing your ability to work on campus alongside these arrangements.
I am a disabled employee/employee with a pre-existing health condition and I am concerned about having to attend campus on a more frequent basis, what should I do?
We encourage colleagues and managers to have an open dialogue and discuss what temporary adjustments could reasonably be implemented to address any specific concerns. During such discussions managers should take into account any individual’s specific agreed working arrangements that have been agreed via DASS or flexible working.
Colleagues who have a DASS report and concerns that their line manager is unable to address, should contact DASS or their relevant People and OD Partner to discuss further.
We also encourage colleagues to access support via our wellbeing page on StaffNet or our Employee Assistance Programme.
I’m anxious about returning to campus due to this incident, what support is available for me?
It is understandable that this incident may have caused an increased sense of anxiety for some colleagues, and for some individuals this may be intensified by the subsequent requirement to attend campus on a more frequent basis.
Colleagues are advised to speak to their line manager if they have any wellbeing concerns about attending campus, to understand what support or adjustments may be available. Additionally, colleagues can access a wealth of support via our wellbeing page on StaffNet or our Employee Assistance Programme.
Wellbeing
Last updated: 5pm on Friday, 23 June 2023.
Your wellbeing remains an important priority and support is available to those directly impacted and all colleagues and students who are worried about this incident.
Please speak to your line manager if you are worried.
You can also find support:
- on the cyber incident wellbeing support pages on StaffNet;
- through the Employee Assistance Programme (available 24 hours a day, seven days a week)
Contacts and support for neurodivergent staff
- Contact the Neurodiversity Network.
- More information is also available via the Neurodiversity Network group page.
We understand the concern created for those directly affected and support is available to these individuals and all our students. Students can find wellbeing support on the Student Support website and we also encourage students to speak with their academic advisor or supervisor if they feel that their studies are being affected in any way.
We would encourage all our students to take up the offer of the 12-month subscription with Experian. The Experian offer provides identity monitoring support, focussing on identifying and resolving identity theft. Details of how to access this are in the Information for staff and students section on this page.
We understand some of our affected international students may be concerned about their data potentially being shared outside of the UK and the impacts this could have.
We would encourage all concerned students to sign up for the 12-month Experian offer (details of how to do this are in an email sent to all students w/c 19 June). If students have further concerns, please access Student Support services.
Partners
Last updated: 4pm on Wednesday, 26 July 2023.
Has your email system been compromised such that we may receive phishing emails from University of Manchester addresses?
We have no evidence that our email system has been compromised. But, of course, we all need to take precautions around potential phishing emails.
For more information, please see the National Cyber Security Centre's guidance on phishing.
Can we talk to someone to discuss our concerns?
We are prioritising liaison with organisations where the disruption has had a direct impact. Unfortunately, due to the numbers involved, we are unable to hold detailed conversations about the cyber incident with all our partners where there is no reason to suspect there has been a direct impact.
Please be assured that we are carrying out comprehensive checks and improvements to ensure our systems are as secure as they can be.
If you have further queries, please email information.assurance@manchester.ac.uk and we will triage your request. We ask that you please continue to be patient as it may take some time to respond.
Do we need to disconnect our network from The University of Manchester (UoM) network?
There is no evidence of any onward compromise of our partners’ systems. As a precautionary measure some networks were disconnected, however some organisations have now taken the decision to reconnect their networks to ours to support ongoing engagements.
The decision to reconnect remains with you to make the appropriate risk assessment.
What activities are underway to limit the extent of the compromise?
For security reasons, we are unable to share details of the activities undertaken but we have made significant progress in both containment and building resilience in our systems.
We are continuing to work closely with the National Cyber Security Centre, National Crime Agency, the North West Regional Organised Crime Unit and specialist external partners. This includes supporting the national effort to counter cybercrime.