Go to listing page

Student Loans Company suffered nearly one million cyber attacks last year

Student Loans Company suffered nearly one million cyber attacks last year
  • This is an increase of nearly 322,000 times in just two years.
  • The one successful attack attempt saw the compromise of the domain ‘slc.co.uk’.

The Student Loans Company (SLC) was hit by nearly a million cyber attacks in the last financial year. The attacks include one successful cryptojacking attack.

According to data released under a Freedom of Information (FoI) request, a total of 965,639 cyber attacks were reportedly attempted against the government-owned company SLC. This is an increase of nearly 322,000 times in just two years. In the year 2015/16, the organization had just sustained just three cyberattacks. This was followed by only 95 attacks in 2016/17.

The attacks were categorized under malware, denial-of-service, malicious calls/emails, and other cyber attacks.

No customer data leaked

The one successful attack attempt saw the compromise of the domain ‘slc.co.uk’. The site was injected with Monero mining malware via a third-party plugin. However, the company made it clear that no customer data breached in the incident as the website only hosted publicly-available material.

The SLC also reported 323 malware attack attempts and 235 malicious call or email attempts as a part of the 965,639 cyber attacks. Of these malware and malicious call attempts, the organization was not able to block 127 incidents.

Citing the increase in the number of attacks, an SLC spokesperson told IT Pro, “Firstly we'd stress that malicious online activity affects every organization and individual. It is also necessary to put in context that 99.9 % of the "attempts" recorded in 17/18 present an extremely low level of threat. The apparent increase in 17/18 figures is largely due to changes in the way security incidents are recorded”.

“It is also worth stressing that, while we remain permanently aware and vigilant, every one of these attempts was detected and prevented at an early stage, with no violation of systems or data security,” the spokesperson added.

Cyware Publisher

Publisher

Cyware