Six people have been arrested after a bogus email scam targeted students.
The Metropolitan Police Central e-Crime Unit (PCeU) said the compromised data had been used to illicitly acquire over 1 million.
The crooks sent out emails to students them asking them to visit a website and update their loan details. The site was bogus and tricked hundreds of students into handing over their bank accounts to the criminal network running the phishing operation.
The criminals were able to steal between 1,000 to 5,000 at a time, the Met said.
"A great deal of personal information was compromised and cleverly exploited for substantial profits," said Detective Inspector Mark Raymond from the PCeU.
"We have today disrupted a suspected organised group of cyber criminals and prevented further loss to individuals and institutions in the UK. Today's arrests demonstrate what can be achieved when a partnership approach is adopted to investigate internet-based crime."
The PCeU said it worked alongside the Students Loan Company, the banking sector and ISPs in tracking the suspects.
Search warrants were executed in London, Manchester and Bolton yesterday, where the suspects are currently being held. They were arrested on suspicion of conspiracy to defraud and Computer Misuse Act.
A number of computers and associated storage media have been apprehended by the police for forensic examination.
The arrests come towards the end of another positive year for the PCeU. Last month, the body shut down 2,000 fraudulent websites that were either flogging knock-off gear or selling nothing at all.
In October, the Met claimed the PCeU had saved the UK economy over 140 million in just six months.
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
Two years on from its Series B round, Hack the Box is targeting further growthNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
The IT Pro Podcast: The front line of fraud techIT Pro Podcast With tools such as deepfakes, the future of fraud tech relies on cutting edge AI as much as good security practice
-
Podcast transcript: The front line of fraud techIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
LAPSUS$ breached T-Mobile systems, stole source codeNews T-Mobile has denied that the hackers obtained customer or government information
-
Exclusive: Former Shiseido staff say company was aware of data breach weeks before official noticeNews Fake companies were created using the stolen identities of hundreds of Shiseido employees, former staff claim
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
What is smishing?In-depth A closer look at one of the most perilous forms of phishing
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
