The Student Loans Company was bombarded with 965,639 cyber attacks in 2017/18 aside from being targeted by 323 malware attacks and 235 phishing attacks in the period, a Freedom of Information request by the Parliament Street think tank has revealed.
Such a massive interest among hackers to infiltrate the Student Loans Company’s website and other digital assets is more or less a recent phenomenon, considering that the company was targeted with only three cyber attacks in 2015/16 and ninety-five in 2016/17.
Student Loans Company stopped all cyber attacks
However, what’s encouraging to note is that the company was able to defend against all cyber attacks, malware attacks and phishing attempts thrown at it in 2017/18 with hackers tasting success only once by managing to inject a Monero mining malware into the website via a third-party plugin.
“Firstly we’d stress that malicious online activity affects every organisation and individual. It is also necessary to put in context that 99.9% of the “attempts” recorded in 17/18 present an extremely low level of threat. The apparent increase in 17/18 figures is largely due to changes in the way security incidents are recorded,” said a spokesperson from the Student Loans Company to IT Pro.
“It is also worth stressing that, while we remain permanently aware and vigilant, every one of these attempts was detected and prevented at an early stage, with no violation of systems or data security. Cyber security will always remain a top priority for SLC and we continue to invest in the technical expertise and resources required to keep information safe,” the spokesperson added.
Responding to the number of attacks faced by the Student Loans Company in recent times, Patrick Sullivan, the CEO of Parliament Street, said that it is very important that organisations such as The SLC protects the confidential financial information it holds from third-party attacks by investing in encryption and cyber initiatives.
Fraudsters impersonating SLC to defraud students
In recent times, cyber criminals have not only targeted SLC to gain access to personal and financial information of millions of students but have also launched phishing attacks on students by masquerading as SLC and sending them malicious emails to obtain their personal information as well as payment card details.
“Freshers are particularly at risk of divulging their details as they may not be aware that the Student Loans Company will never ask a student for their personal or banking details by email or text message. We encourage anyone who receives a suspicious student finance email to send it to us so that we can investigate the sites and shut them down,” said SLC’s Head of Counter Fraud Services Fiona Innes in September last year.
“In the last two years, SLC’s Counter Fraud Services team stopped over half a million pounds of student funding being stolen through phishing scams and in the last year alone, the team prevented £13.2 million of taxpayers’ money from being paid out by identifying fraudulent activity,” the company revealed.