The UVA and AUAS were the targets of a major cyber attack in February and March 2021. This cyber attack did not lead to system failures, hijacking or ransom requests. All servers and systems of the UvA and AUAS have been thoroughly investigated and cleaned up where necessary.
The attack was detected at an early stage by the Security Operations Centre (SOC), followed by immediate measures and forensic investigations. Within a short time frame, the hackers had infected over 50 of the more than 1,000 UvA and AUAS servers and installed options for encryption at a later stage. The servers are now clean.
‘This attack shows once again that higher education is a target of focused attacks and that it is necessary to be on high alert,’ says Jan Lintsen, member of the UvA Executive Board. ‘We are proud of our ICT department and pleased that our education and research could continue during this attack. It is important to share the lessons learned from this attack and to continue investing in good cyber security. We will certainly do that in the coming period,’ says Hanneke Reuling, Vice-Chair of the AUAS Executive Board.
The UvA and AUAS have filed a report with the cybercrime police and have also notified the Dutch Data Protection Authority. The police investigation is ongoing. There are currently no indications that the hackers were after personal or general data. Because the attackers did have access to a number of systems and the encrypted passwords, all users were asked to change their passwords as a precaution. A number of accounts were blocked as a result of this because the user didn’t change their password in time.
In March and April, the attack and the AUAS and UvA’s response to it will be extensively evaluated and additional investigations will be carried out if necessary. The lessons learned and recommendations will be shared publicly once the investigation is concluded, particularly with other higher education institutions.
The focus in the coming period will be on the recovery of ICT service provision for students and employees. Systems that have been cleaned up or turned off as a precaution will be made available again in phases. This is a process that will take several months and will be carried out in close consultation with the faculties and shared service units.