On 7th July we noticed a website outage and immediately launched an investigation, which found that this was the result of a malicious attack. Using a variety of automated tools the attacker was able to steal data from an NCRM database containing administrative information supplied when registering to attend/expressing interest in courses. The database included contact details but no financial information. The cause of the breach was patched within minutes of discovery and the website has been offline while a full security review was undertaken by the University’s IT service. No further data loss or vulnerabilities were found and our news mailing list has not been affected. All relevant authorities have been duly notified and notifications sent to everyone affected. If you have received a notification email, it explains what happened and what action was taken: we again extend our sincere apologies.
NCRM has been serving the research community since 2004 and has always taken data security extremely seriously. If you have further questions or concerns, please contact us at firstname.lastname@example.org in the first instance.
Submitted by David Martin on Thursday, 16th July 2020