UK Research and Innovation (UKRI) has been hit by a cyber attack that has resulted in data being encrypted by a third party.
The non-departmental public body has published a statement saying that two of its services have been affected: the UK Research Office, which has portal providing an information service to subscribers that does not contain any personal data; and an extranet used by its councils for processes such as expenses claims.
It has suspended both services, saying no other systems have been affected and that its other work is continuing.
It has so far been unable to confirm whether any data was extracted from its systems, and has reported the incident to the National Crime Agency, the National Cyber Security Centre and the Information Commissioner’s Office.
“We take incidents of this nature extremely seriously and apologise to all those affected,” UKRI said in the statement.
“We are working to securely re-instate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data.”
It added: “If we do identify individuals whose data has been taken we will contact them further as soon as possible.”
Image from iStock