• United States



UK Editor

UK universities at high risk of cybersecurity incidents due to breached credentials

Jun 15, 20233 mins
CyberattacksEducation IndustryIdentity Theft

More than 2 million breached credentials from the top 100 UK institutions have been detected on the dark web.

UK universities are at high risk of major cybersecurity incidents launched using breached credentials, according to new research from cybersecurity solutions company Crossword. An analysis of online criminal markets by the firm revealed 2.2 million breached credentials available on the dark web for the top 100 UK institutions, with 57% belonging to the 24 Russell Group Universities, it claims.

The findings come the week after the UK’s University of Manchester suffered a cyber incident in which systems were accessed by an unauthorised party. Meanwhile, the education sector remains a prime target for cyberattacks globally. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Notorious cybercrime groups such as Vice Society have targeted US colleges and universities in recent ransomware campaigns, with Israel’s Technion University suffering a ransomware attack by a group calling itself DarkBit which forced it to proactively block all communication networks. A New South Wales Audit Office report revealed the financial losses of Australian universities following cyberattacks suffered in 2022.

Cybercriminals targeting UK universities with research facilities

Crossword’s research found that UK research facilities are in the crosshairs of cybercriminals, with 54% of the breached credentials it detected coming from UK universities with research facilities. The location and size of universities has an impact on the extent to which credentials have been breached too, the firm said, with London at substantially more risk with 506,330 (20%) credentials breached. This is followed by the South East  with 334,251 (13%) and Scotland with 306,873 (12%).

Other key findings related to size and location include:

  • The top 30 universities are up to 50% more likely to have breached credentials than any other institution in the remaining top 100.
  • London universities have more breached credentials (506,330) than Scotland, Wales, and Northern Ireland combined (465,767).

The largest segment of breached credentials by university student population were:

  • More than 30,000 students: 38% had 20,000-30,000 breached credentials.
  • 20,000-30,000 students: 39% had 10,000-20,000 breached credentials.
  • 10,000-20,000 students: 38% had 10,000-20,000 breached credentials.
  • 5,000-10,000 students: 29% had 2,000-4,000 breached credentials.

“UK universities and research facilities are among the most respected in the world, and protecting that reputation includes protecting the students, staff, and information that is shared with them for research projects by government, the public and private sector, through effective cybersecurity practices,” said Stuart Jubb, group managing director at Crossword Cybersecurity. “We recognise that these environments are amongst the most uniquely challenging to protect with overlapping requirements for secrecy and openness – so many attack paths need to be factored,” he added.

Cybercriminals are known to be prioritizing stolen and exposed credentials to bypass security measures and enhance attacks. Stolen credentials were cited as the most common method used by threat actors to infiltrate organizations in the Verizon 2023 Data Breach Investigations Report.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author