University of Hertfordshire cancels live online teaching following cyber attack

Hertfordshire the latest in a series of cyber attacks on educational institutions in the UK over the past few months

The University of Hertfordshire revealed on Thursday that it had fallen victim to a cyber attack that had impact on all of its IT systems, including those in the cloud such as MS Teams, Canvas and Zoom.

In a statement published on its website, the university said that the attack started just before 22:00 on Wednesday and took down its email system, Wi-Fi network, and student record portal.

The status page of the university showed that even cloud services, such as Office 365, were disrupted as a result of the cyber attack.

VPN access, data storage, Office 365, email, LRC Services, StudyNet, University login and password change, and the University Business Systems are currently offline.

The university informed students that all live online teaching will be cancelled on Thursday and Friday (15 and 16 April) although any "in-person, on-campus teaching" may continue if computer access is not required.

Students were assured that they "won't be disadvantaged as a result of this attack".

The institution has not yet disclosed the nature of the attack, but said that it was working hard to resolve the issue as soon as possible.

It added that while it may be difficult for students to prepare for or submit assignments, they need not worry as the date for submitting assignments will be extended.

Students were also told that all external emails coming into the University have been stopped as a precautionary measure, and therefore programme leaders, tutors or other University services will not be able to receive emails sent by students.

"We are aiming to restore this as soon as we can. We want to reassure our students that no-one will be disadvantaged as a consequence of this."

A spokeswoman for the university told the BBC that their IT teams are working with the Hertfordshire Police's cybercrime unit, and there is no evidence so far to suggest that hackers were able to steal data from the targeted systems.

Hertfordshire incident is the latest in a series of cyber attacks on educational institutions in the UK in the past few months.

Last month, educational charity the Harris Federation disclosed that it had been hit with a "highly sophisticated" ransomware attack, leaving about 37,000 students unable to access their email. The non-profit multi-academy trust said that the incident affected its IT systems and led to the encryption of their contents.

The University of Northampton also suffered a cyber attack in March that disrupted its IT services and telephone systems.

In May last year, nearly 20 UK-based universities and charities were hit in a global ransomware attack that targeted US-based cloud computing provider Blackbaud. Affected institutions included the University of York, University of London, University of Leeds, University of Reading, Oxford Brookes University, Loughborough University and the University of Birmingham.

Last month, the National Cyber Security Centre (NCSC) published an alert to warn education establishments of an increase in ransomware attacks since late February. It advised educational institutions to implement a 'defence in depth' strategy to defend their systems and networks against malware and ransomware attacks.