Security update: Unauthorised activity on 364 .uk domains

5th June 2023

Oxford 05/06/2023 – 14:30  – In the last two weeks we have been investigating unauthorised activity concerning 364 .uk domains, of which around 240 were in use.  This was traced back to a targeted attack from well-organised individuals, claiming to be the legitimate domain contact, which resulted in unauthorised changes being made to the registry’s contact details for those domains.  The affected domains were linked to the education sector.

We have taken action to restore our records back to the previous settings and have locked the domains involved to prevent future changes.

We are in touch with the registrants and registrars affected to explain what happened, outline the safeguards we have put in place, and to understand if they experienced any unusual activity as a result. The relevant authorities have also been informed, and we continue to work with the National Cyber Security Centre to investigate further.

We take matters of security extremely seriously and apologise that our processes fell short on this occasion.  Additional security checks and training have been put in place to help us guard against such attacks in future.