13 July 2021
We understand that hackers created gmail accounts to pretend to be academics and created a dummy site to seek to collect data from people they were targeting. This dummy page was placed on the website of SOAS Radio, which is an independent online radio station and production company based at SOAS. The website is separate from the official SOAS website and is not part of any of our academic domains. We understand the target was not SOAS itself, but external individuals.
To be clear, academic staff at SOAS of course have no involvement in this process, nor has any action or statement by SOAS staff led to them being spoofed in this way. There was no suggestion of breach of cybersecurity by any SOAS staff."
In relation to the creation of the dummy site, no personal information was obtained from SOAS, and none of our data systems (eg staff and student records, financial information, emails and core ac.uk website and so on) were involved or affected by this. Our cyber security systems for our core systems are robust and fit for purpose.
Once we became aware of the dummy site earlier this year, we immediately remedied and reported the breach in the normal way. We have reviewed how this took place and taken steps to further improve protection of these sort of peripheral systems.