Due to last weekend’s cyber attack, Eindhoven University of Technology is forced to postpone all exams and education for a week. The university wrote this in an email on Tuesday press release.
The university discovered the attack on Saturday evening around 9 a.m. and decided to take its own network offline. The campus buildings remained open, but students and staff could not use educational applications, such as the Canvas learning environment and the Teams video calling program.
Due to the disruption, many exams may be “insufficiently prepared” or not taken at all, the university writes. By moving the education calendar forward by a week, the university hopes to give students and teachers “clarity and sufficient time” “to prepare exams and complete assignments on time.”
Education is more often a target
The decision to move the education calendar forward by a week will have “individual consequences,” says Vice-President of the Executive Board Patrick Groothuis. “For example in connection with planned holidays. We will do our best to help people with this.”
TU Eindhoven expects to be able to gradually make the programs accessible again this week. Wi-Fi was available on campus again on Tuesday. However, according to the university, it may take weeks before all functionality is restored.
It happens more often that educational institutions are the target of cyber attacks. For example, computer systems at Maastricht University were held digitally hostage for a time in 2019. The university then paid a ransom of 200,000 euros in Bitcoin. And in 2021, the systems of the Arnhem and Nijmegen University of Applied Sciences (HAN) were broken into, after which the stolen data of 56,000 students and employees were offered for sale online.
Continue working analogously
GroenLinks-PvdA asked questions in the House of Representatives on Tuesday to Teun Struycken, State Secretary for Justice and Security on behalf of NSC, about the cyber attack on TU Eindhoven. MP Barbara Kathmann wanted to know whether Struycken agreed with her that every vital sector should make a plan to get through the first 48 hours after a cyber attack.
According to Kathmann, this also means that institutions should be able to continue “analogously” at that time. In the case of an educational institution such as TU Eindhoven, this would mean that a plan must be in place to continue lectures and exams if ICT systems are down.
Struycken replied that the government is thinking about this and will soon come up with the concept of the Cyber Security Act, which obliges vital sectors such as healthcare, government and the food industry to take cyber security measures. According to him, this includes such a plan for the first 48 hours. According to Struycken, it has yet to be decided whether educational institutions will also fall under this law.
Also read
After the fatal click, hackers had free rein