A recent hack of systems of the umbrella grant funding agency UK Research and Innovation (UKRI) has rattled researchers but details of the cyber-attack remain scarce. 

A UKRI spokesperson told Chemistry World that it remains unclear who the culprits were or whether any data was stolen, but that investigations are underway. 

The two UKRI services affected were the UK Research Office (UKRO), a portal run out of Brussels, and a private network used by the seven research councils. The private network is used to help carry out peer review of grant proposals across the UKRI and other cross-cutting schemes. This means grant peer review activity and referee information has been compromised even though it’s unclear if any data was taken. 

Both services remain unavailable until the probes into the incident are complete, the UKRI wrote in a statement released on 28 January. Other services are operating as normal.

‘If the data breach meant that confidential grant applications were accessed, there could be fairly significant implications from both an IP perspective and [general data protection regulation] perspective,’ warns James Robson, a lecturer in higher education at the University of Oxford. ‘Grant applications will obviously contain knowledge and ideas of the applicants, some of which could be considered extremely valuable for both the individuals concerned and their institutions.’

Funding applications are also likely to contain sensitive information such as applicants’ salaries and financial partnerships. ‘As such, the ramifications could be legally and intellectually significant,’ Robson notes.

The private network is also used to process expense claims for some UKRI review panel members. ‘We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation,’ the agency wrote in its statement.  

The UKRI says it has reported the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office. 

‘We have already restored the data without recourse to paying anything,’ the UKRI spokesperson says. ‘We are working to restore affected services as soon as possible and have put in place temporary measures to enable critical work to continue safely. When bringing the affected services back we will make sure any vulnerabilities have been addressed.’