Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.
Stuart Jubb, Group MD, Crossword

54% of breached credentials discovered belonged to UK universities with research facilities, and 57% belonged to the 24 Russell Group Universities.

54% of breached credentials discovered belonged to UK universities with research facilities, and 57% belonged to the 24 Russell Group Universities.

15 June 2023 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today revealed that an analysis of online criminal markets by its Trillion risk monitoring platform, shows UK universities are at high risk of major cyber security incidents launched using breached credentials. The Trillion team discovered 2.2 million breached credentials available on the dark web for the top 100 UK institutions, with 57% belonging to the 24 Russell Group Universities.

With over 2.41m staff and students at UK universities in the 21/22 academic year (HESA student and staff records) studying for degrees, including 679,000 students from outside the UK, the potential reach and impact of a breach is serious, placing personal information at risk and disrupting the studies of millions that have chosen the UK as the place to invest for their future.

Research facilities in the crosshairs
The UK university sector is renowned for the quality of its research facilities, driving innovation across many sectors including healthcare and technology, as well as government funded programmes of national importance such as nuclear energy and defence. The analysis by Crossword found that 54% of the breached credentials came from UK universities with research facilities.

Location and size matter
The location and size of universities has an impact on the extent to which credentials have been breached, with London substantially at more risk, with 506,330 (20%) credentials breached, followed by the South East (334,251 – 13%) and Scotland (306,873 – 12%).

Other key findings related to size and location include:

● Top 30 universities are up to 50% more likely to have breached credentials than any other institution in the remaining top 100
● London universities have more breached credentials (506,330) than Scotland, Wales and Northern Ireland combined (465,767)
● Largest segment of breached credentials by university student population:
o More than 30,000 students - 38% had 20,000-30,000 breached credentials
o 20,000-30,000 students – 39% had 10,000-20,000 breached credentials
o 10,000-20,000 students – 38% had 10,000-20,000 breached credentials
o 5,000-10,000 students – 29% had 2,000-4,000 breached credentials

Commenting on the findings, Stuart Jubb, Group Managing Director at Crossword Cybersecurity Plc, said: “UK universities and research facilities are among the most respected in the world, and protecting that reputation includes protecting the students, staff and information that is shared with them for research projects by government, the public and private sector, through effective cyber security practices. We recognise that these environments are amongst the most uniquely challenging to protect with overlapping requirements for secrecy and openness - so many attack paths need to be factored. We believe that cyber security practices for all organisations, not just the education sector should include the proactive monitoring for stolen credentials, and a requirement for multi-factor authentication.”

Advice for universities and other organisations wanting to protect accounts against credentials breaches:

● Use Two Factor Authentication (2FA) on user accounts - Using 2FA on internal systems is a good start. But this does not always protect you when working with external partners, such as law firms, expense portals etc, as their systems may not require it. So you should always remain vigilant.

● Does single sign-on (SSO) protect us? Not really. If an attacker can obtain a valid password for your SSO application then they can use it for wider access. If they can access your email account then they can probably request password resets, which they can then carry out.

● Resetting passwords is only a temporary fix - The problem goes away until one of your new passwords is leaked again by another site you are using. So you need to maintain an ongoing process of protection.

● Have a policy that enforces complex passwords - The NCSC website has good guidance on choosing secure passwords. But remember your passwords still need to be unique for each website. And even a complex password, if it’s stolen from a 3rd party, can still be used against you.

● Use a 3rd party tool to monitor for breaches – These tools can automatically monitor and track stolen credentials, alerting organisations and users to a breach. Trillion also applies proprietary risk scoring algorithms to rapidly alert organisations to the presence of their user credentials on the dark web.

- Ends -

About Crossword Cybersecurity plc
Crossword offers a range of cyber security solutions to help companies understand and reduce cyber security risk. We do this through a combination of people and technology, in the form of SaaS and software products, consulting, and managed services. Crossword's areas of emphasis are cyber security strategy and risk, supply chain cyber, threat detection and response, and digital identity and the aim is to build up a portfolio of cyber security products and services with recurring revenue models in these four areas. We work closely with UK universities and our products and services are often powered by academic research-driven insights. In the area of cybersecurity strategy and risk our consulting services include cyber maturity assessments, industry certifications, and virtual chief information security officer (vCISO) managed services.

Crossword's end-to-end supply chain cyber standard operating model (SCC SOM) is supported by our best-selling SaaS platform, Rizikon Assurance, along with cost-effective cyber audits, security testing services and complete managed services for supply chain cyber risk management. Threat detection and response services include our Nightingale AI-based network monitoring, our Trillion and Arc breached credentials tracking platforms, and incident response. Crossword's work in digital identity is based on the World Wide Web Consortium W3C verifiable credentials standard and our current solution, Identiproof, enables secure digital verification of individuals to prevent fraud.

Crossword serves medium and large clients including FTSE 100, FTSE 250 and S&P listed companies in various sectors, such as defence, insurance, investment and retail banks, private equity, education, technology and manufacturing and has offices in the UK, Poland and Oman. Crossword is traded on the AIM market of the London Stock Exchange.

Visit Crossword at

For media enquiries contact:

The Crossword PR team
Ginger PR Ltd
+44 (0)1932 485 300

This press release was distributed by ResponseSource Press Release Wire on behalf of Ginger PR in the following categories: Business & Finance, Education & Human Resources, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit