University apologises for offensive language in prospectus emails

Cyberattack led to Queen Mary spamming members of the public, calling them rude names

Published on

July 21, 2025

Last updated

July 21, 2025

Patrick Jack

Twitter:

Source: iStock/steved_np3

Queen Mary University of London has been forced to apologise after a cyberattack led to members of the public receiving offensive emails from the institution.

A spam bot attack on one of the university’s systems sent details about courses to random email addresses it harvested from across the internet.

“Stupid cocksucker, here’s your undergraduate prospectus download!” said one of the emails, according to posted online.

The university wrote to all those affected, reassuring them that the issue had been contained and no data had been compromised.

̽��Ƶ

Thomas Lancaster, principal teaching fellow in computing at Imperial College London, told ̽��Ƶ that the issue was probably caused by an insecure automated form on the university website where prospective students can sign up with a name and email and get access to a prospectus.

He said this will be treated “more as a joke than as totally malicious” but warned that universities could suffer reputational damage from such attacks.

̽��Ƶ

“Universities need to monitor for offensive requests, repeat requests from the same location, an unexpected volume of requests and the like, as well as to close off insecure email channels.

“If there’s one email vulnerability, there are likely more. Think full-blown spam attacks, seemingly coming from a university.”

The incident is the latest example of UK universities being affected by cyberattacks. It comes just a week after servers at Nottingham Trent University were hit by a cyberattack, forcing all student and staff passwords to be reset.

Lancaster warned that universities are at real risk of cyberattacks, with hackers finding ways to access university systems, leak data, encrypt systems and hold universities to ransom.

̽��Ƶ

“These small exploits are often the gateways to much larger vulnerabilities,” he added.

A QMUL spokesperson said: “We have successfully resolved an issue generated by a spam bot using email addresses that had been harvested from the internet.

“The data we hold has not been compromised. We have apologised to anyone affected.”

patrick.jack@timeshighereducation.com

Register to continue

Why register?

Registration is free and only takes a moment
Once registered, you can read 3 articles a month
Sign up for our newsletter

Or subscribe for unlimited access to:

Unlimited access to news, views, insights & reviews
Digital editions
Digital access to �ձᷡ’s university and college rankings analysis

Please or to read this article.

Montage of the British Library with fingerprints to illustrate ‘We are vulnerable when we go digital’

How the British Library cyberattack disrupted research

Academics who rely on the British Library’s unmatched collection are still feeling the impact of a devastating cyberattack a year ago. Jack Grove hears from those affected and considers how another catastrophic breach might be averted

By Jack Grove

21 November