The financial services industry registered
three
times more security incidents
than any other industry in 2018. According
to data
released under Freedom of Information legislation, UK government organization
The Student Loans Company (SLC) experienced close to a million cyberattacks in
the 2017 – 2018 fiscal year. The information was made public upon written
request from the Parliament Street think tank.

While most attacks were
categorized as malware (323), Denial-of-Service, and malicious emails or calls
(235), they all failed, except for a cryptojacking attack. Manipulating a
third-party plugin, hackers injected Monero mining software into the company’s
network. This was attributed to third-party incidents.

Dealing with student grants and
loans, SLC had access to a high volume of confidential personal and financial
information. According to
its annual report
, the company has 8.1 million customers and a loan
book value of £117.8 billion, and it processed about 1.8 million applications
in the fiscal year.

The non-profit organization says
it stores no customer data on its servers, so no critical information was
compromised. The company further said they only “host publicly available data.”

During the 2017 – 2018 fiscal
year, The Student Loans Company suffered 1 million attacks meant to compromise
the network and access financial information. This figure is of particular
concern since the organization only suffered 95 attacks in the previous year
and just three the year before that.

“Firstly we’d stress that
malicious online activity affects every organization and individual,” a
company spokesperson said for IT Pro. “It is also necessary to put in
context that 99.9 % of the ‘attempts’ recorded in 17/18 present an extremely
low level of threat. The apparent increase in 17/18 figures is largely due to
changes in the way security incidents are recorded. It is also worth stressing
that, while we remain permanently aware and vigilant, every one of these
attempts was detected and prevented at an early stage, with no violation of
systems or data security.”