Student Loans Company Increasingly Targeted in Cyber Attacks
The Student Loans Company (SLC) has experienced a significant increase in the number of attempted cyber attacks over the past three years, a Freedom of Information (FoI) request shows.
The Student Loans Company (SLC) has been subjected to nearly one million cyber attacks in the space of one fiscal year, one of which was successful.
A Freedom of Information (FoI) request made by the think tank, Parliament Street, shows that the government-owned grants organisation suffered an estimated 965,639 attacks in 2017/18.
One of these attacks, a cryptojacking malware attack, was successful – resulting in the SLC.co.uk domain being infected with Monero cryptocurrency mining software.
In total, there were more than 320 attempted malware attacks, as well as an additional 235 malicious emails or telephone calls during the same period.
The SLC insisted that given the website is hosted by a third-party supplier, no customer data was exposed by the attack.
Details revealed in the FoI show that over the past three fiscal years, the SLC has become a prime target for cybercriminals. In the 2015/16 financial year, the organisation was subjected to just three attempted cyber attacks; the following year saw a significant increase with a total of 95.
The government-owned body holds around £117 billion worth of loans, along with sensitive financial data on more than eight million registered users.
A spokesperson for the SLC told IT Pro: “Firstly we’d stress that malicious online activity affects every organisation and individual.
“It is also necessary to put in context that 99.9% of the “attempts” recorded in 17/18 present an extremely low level of threat. The apparent increase in 17/18 figures is largely due to changes in the way security incidents are recorded.”
The significant increase in the number of attempted cyber attacks during the 2017/18 year is, according to the organisation, due to changes in the way security threats and incident are recorded.
Of the total recorded attempts, 127 were not blocked and recorded as incidents, the SLC said.
“It is also worth stressing that, while we remain permanently aware and vigilant every one of these attempts was detected and prevented at an early stage, with no violation of systems or data security,” the spokesperson added.
“Cybersecurity will always remain a top priority for SLC and we continue to invest in the technical expertise and resources required to keep information safe.”