Exclusive Student Offer

Prime for Young Adults

Get a 6-month trial with premium college perks & fast delivery.

Start Free Trial
Listen Anywhere

Audible Standard Trial

Get 30 days of audiobooks free. Cancel anytime, keep your books.

Claim Free Books

Any student knows that mock exams should not be missing when preparing for an exam. Especially if it concerns a resit exam, such as for electrical engineering student Abukar Khalid Abukar (25) at Eindhoven University of Technology (TU/e). There was only one problem: Canvas, the educational environment where these mock exams can be found, was hacked at the end of last month. Several Dutch educational institutions were hit, including TU/e, and after a second hack, Canvas was closed to employees and students on Friday. No access to the mock exams.

Khalid Abukar could only think one thing when he heard last week that Canvas had been hacked. “Here we go again.” TU/e also fell victim to a cyber attack at the beginning of last year, in which a hacker had unnoticed access to the networks for five days. The plug was pulled and the university remained closed for a week.

It did not get to that point this time, partly due to the deal between hacker group Shinyhunters and Canvas’ parent company. On this quiet Tuesday morning on the TU/e ​​campus in Eindhoven, students appear down to earth, although last year’s hack is still fresh in their minds. The students find the Canvas hack, in which, according to the hackers, the names, email addresses, student numbers and correspondence of 275 million people were stolen, at best “annoying”. Such as mechanical engineering student Eline Voorbraak (20), who saw parts of her project postponed, or technical business administration student Victor Sprenkels (24), who “couldn’t access anything anymore” after the hack.

Also read

Hack on educational software Canvas is ‘super gigantic’. How extensive is the damage?

One hole is enough

The Canvas hack and last year’s cyber attack on TU/e ​​are not isolated events. Other educational institutions have also been targets of cybercrime in recent years. For example, last year several institutions in Brabant and Limburg were hit by a DDoS attack, in 2021 the South Holland ROC Mondriaan was hacked, as was a school in Gelderland that subsequently paid a ransom. Two years earlier, the Amsterdam University of Applied Sciences and University were hit by a cyber attack. And in the same year, Maastricht University suffered a serious ransomware attack, after which the university paid almost 200,000 euros in ransom.

Does this make educational institutions an attractive target for cyber attacks? Harald Vranken, professor of Cybersecurity at the Open University, thinks that is a “difficult question”. Because, he says, just like any other company that deals with IT, they are vulnerable to “holes” in cybersecurity and therefore to hacks.

SURF, the ICT cooperative that regulates part of all ICT in Dutch higher education and on whose networks the cyber attacks on Brabant and Limburg educational institutions and TU/e ​​in 2025 were aimed, also sees “no indication that education and research are attacked more often than other sectors,” a spokesperson said. From the most recent Cyber ​​Security Assessment Netherlands also shows that there is a “wide variety” of cyber attacks that do not exclusively target educational institutions.

There is an asymmetry between attackers and defenders: while as a defender you have to close all the gaps, as an attacker you only need one gap

Harald Vranken

professor of cybersecurity

However, according to Professor Vranken, there are reasons why hackers choose to launch a cyber attack on a university or college. For example, he points out the “scope” of the available data. “Many people are involved within educational institutions, which means you can immediately obtain a lot of data in the event of a hack,” he says. “The data also belongs to prospective higher educated people, who can be used in the future to participate phishing.”

In addition, Vranken points out that education virtually comes to a standstill when ICT systems are no longer available. As a result, educational institutions quickly find themselves in a “split” between solving the data breach themselves and the fast route: paying the ransom. And because so many people have access to the digital environment, the chance of “holes” in cybersecurity is always present, according to Vranken. “There is an asymmetry between attackers and defenders: while as a defender you have to close all the gaps, as an attacker you only need one gap.” He points to the ransomware attack on Maastricht University in 2019, which occurred after an employee clicked on a link in a phishing email.

Also read

‘One hundred percent security against cyber attacks is not only impossible, it is also undesirable’

Illustration Marcin Jastrzebski

Shared responsibility

All in all, it is “inevitable” that hacks at educational institutions will continue to occur, says Vranken. “We have to constantly keep up to date to get the current problems in order, while new technology such as AI is already around the corner,” he warns. “As a result, new gaps will continue to be found, also in education.”

According to SURF, cyber security in education is “high on the agenda”. A spokesperson for the Association of Universities of Applied Sciences also speaks of “good mutual cooperation” between universities of applied sciences and sectors via SURF, whereby information is shared to make the sector “more resilient”. There is a lot of “intensive” mutual contact among Dutch universities, and, for example, they regularly practice cyber crisis exercises. But, a spokesperson for the Universities of the Netherlands said, although universities take cyber security “very seriously”, “no organization can be 100 percent protected against cyber attacks.”

If you have access to the system, you share the responsibility

Jorg Bal

mechanical engineering student

Students on the TU/e ​​campus do not want to rule out a new hack. Jorg Bal (21), mechanical engineering student, is also “not sure” about it. He says that it is not just up to the university to combat cyber attacks, but also up to students to be sharp. “If you have access to the system, you share the responsibility.”

Sarah Mortier (20), a biomedical technology student, tries to be “keen” on phishing emails, but due to the “not so sensitive” data captured in the Canvas hack, she is not afraid of the consequences of a possible next hack at her university. She especially hopes to be able to submit her project on Canvas in two weeks. That appears to be happening: a TU/e ​​spokesperson has announced that Canvas will be available to students again from Monday.

Also read

During the cyber attack on the TU, the crisis scenarios were also inaccessible. ‘Luckily they were in our heads’

Information boards in the university library about the TU Eindhoven network that was paralyzed by a cyber attack. Photo Rob Engelaar/ANP





ttn-32

Get Audible 30-Day Free Trial

As an Amazon Associate, we earn from qualifying purchases.