United Kingdom – Lancaster University


Exploit: Phishing attack.
Lancaster University: Public research university in Lancaster, Lancashire, England.

Risk to Small Business: 1.888 = Severe Risk: A phishing attack compromised the personal information for thousands of students. Described as a “sophisticated and malicious phishing attack,” the scam thwarted the university’s cybersecurity initiatives by tricking employees into disclosing credentials or data. Now the university, which offers an advanced degree in cybersecurity, will have to provide support services for thousands of students while managing the reputational damage that always accompanies a data breach and can negatively impact future enrollment.

Individual Risk: 2.428 = Severe Risk: The phishing scam compromised student data related to undergraduate applications for the 2019-2020 school year as well as a limited amount of information related to current students. This includes student names, addresses, phone numbers, and email addresses. Furthermore, some undergraduate applicants received fraudulent invoices, which indicates one use-case for the stolen information. Therefore, those impacted by the breach need to carefully monitor their credentials for additional misuse, and they need to thoroughly vet any correspondence purporting to originate from the university.

Customers Impacted: 12,500
How it Could Affect Your Customers’ Business: Especially for organizations handling minors’ personally identifiable information, data security must be a top priority. Phishing scams, which rely on employees’ ignorance or indifference to compromise information, are defensible through employee awareness training, effectively rendering this cyberthreat useless. These attacks are easy and affordable to implement, and every organization should prepare for the inevitability that phishing emails will make their way to their employees’ inboxes.

ClearYolk to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime.

More to explore


Service Starter Mid Expert Enterprise
Monitoring Yes Yes Yes Yes
Live Notifications & Reporting Yes Yes Yes Yes
Onboarding Session with our Success Team Yes Yes Yes Yes
Monitor all users (up to XX) 150+
Monitored Domain Yes Yes Yes Yes
Additional Domains No 1 3 5
Personal Email Addresses (Gmail / Icloud etc) No 10 30
Monitored Router IP & Device IP Breach No Yes Yes Yes
Dedicated Account Manager No No Yes Yes
Fully managed Service No No No Yes
Go Phishing No No No Yes
Staff Training No No No Yes
PCM (If paid monthly) £45 £75 £150 N/A
PCM (If paid annually 20% discount) £36 £60 £120 N/A
Annual 20% discount for annual transaction £432 £720 £1440 Call
Annual Saving £180 £180 £360 Call
1 Additional Domain £25 £25 £25
Add Additional 10 Personal Emails £25 £25 £25