THE BREACH
UVAC has recently gone through the process of updating www.uvac.ac.uk to improve the speed, stability and security of the site.

As part of this process the existing site was moved from one hosting provider to another. By using a dedicated server this has improved speed and security of the site. Once the site was live on the new hosting there was a brief period when the older version of the site was still present on the older server, albeit this site was no longer accessible through the URL.

During this period the server where the old version of the site was hosted was subject to a Cyber-attack and details of user names (University email addresses) and hashed credentials associated with user passwords were obtained.
This information was then published on https://pastebin.com and some institutions, as part of their monitoring capabilities, have been notified by JANET (Joint Academic NETwork) that some of our users’ credentials have been leaked online. Thank you to those who alerted us to such notifications.

REMEDIAL ACTION
UVAC would like to assure you that all website and database information has been deleted from the older server, so this vulnerability no longer exits.

However, as a precaution we suggest changing the passwords used for your UVAC login, especially if you do use a common password across different services. But, the breach does not involve the personal data of individuals and it unlikely that the breach will result in a risk to those whose data may have been breached. We do not consider that it meets the requirements to notify the ICO (as the volume of website login users is also very small) but we will keep internal records and members notified of any future developments or concerns.

We have now taken down the old site, have had the breached data removed and are now confident that the current site is secure. If you wish to discuss or report an incident please contact (E) [email protected] (M) 07763 820713