Cyber attack - a summary
In the wake of Christmas Eve, Maastricht University was hit by a serious cyber attack. Almost all Windows systems were affected and e-mail services, among other systems, could no longer be used.
On the same day, IT staff at UM, along with external specialists, immediately started forensic investigation and repair work. On 24 December, UM put a protective "shell" around its entire network. In order to work as safely as possible, UM itself took all other systems offline. Everything was aimed at allowing students and staff to regain access to the systems as soon as possible, whether or not in phases. It was unclear how long it would take for UM to find a solution. As required, UM has filed an official report with the police.
The Executive Board, deans and directors felt a great responsibility in this area. They were immediately well aware of the possible consequences for students and staff and looked for ways to minimise any damage and provide as much clarity as possible. Temporary ‘help desks’ were set up, where students and staff could ask questions and where "customisation" could be provided if desired.
On 2 January, UM published the following statement:
Maastricht University will not provide any information regarding communication with the group that has committed a major breach of the university's ICT systems and thereby put a strain on the daily operations of the institution.
The university has two important considerations in this regard:
- The (external) investigation into the background and consequences of the breach of our systems is still in full swing and will take some more time. We will share the results of this investigation (in the sense of 'lessons learned') with our fellow institutions in the sector when they become available.
- In light of this ongoing investigation, the university does not in any way want to do or communicate something that could further threaten the (digital) security of the institution in any manner, and therefore adversely affect the interests of our students, researchers, staff and the university itself.
It has been decided that UM will continue along this line until new circumstances or factors lead the institution to make a different assessment.
Guarantee education and access to scientific data
All actions were initially aimed at getting education back to normal in time and providing researchers with access to scientific data as quickly as possible. Special attention was given to urgent and important issues such as education schedules, exams, theses, applications (restricted intake programmes), grant applications, research projects, and job applications.
Frequently Asked Questions
An FAQ was posted online as soon as possible, and was updated daily. On 2 January, UM announced that education could be resumed on 6 January and that all resits scheduled in week 2 could take place. As students had no access to the educational environment for some time, including the study materials, they may not have been able to prepare optimally for the resits planned in week 2. The Executive Board and deans therefore decided that there would be an additional opportunity for resits. Also, a "leniency arrangement" was set up for students who were demonstrably disadvantaged in any way by the cyber attack. All buildings were open again for students and staff from 2 January.
Resume education on 6 January
On 2 January it was announced that education could resume on 6 January. Some important systems - information systems on scheduling (inspection only), study materials (Blackboard) and the Student Portal - that are required for this were available online again from 2 January.
Students and staff had to change their password before Monday 6 January, outside the UM network. Many users heeded this call; on Friday 3 January, 15,000 students and employees had already changed their password.
Email available again
Email and agenda are available again from 7 January. All emails since 23 December are dated 6 January in Outlook. When you open the mail, you see the actual sending date (anytime between 23 December and 6 January). No emails were lost. As of 7 January, 27,000 members of the UM community have changed their passwords. We urge everyone to do so as a matter of urgency.
More and more functionalities accessible
From 7 January the network drives are accessible via the wired networks (not via WiFi). In the coming days, many other functionalities are also expected to become operational. Unfortunately, it will take a while before UM will be operational again to the same extent as we were before the cyber attack. Please check our FAQ for an overview of the systems that are accessible again.
A lot of work is still being done to make all the programmes needed for scheduling fully operational. As a result, the schedule for period 4 became available on 23 January - later than usual.
On Wednesday 5 February, Maastricht University will organise a symposium to communicate the lessons learnt from the attack on its computer systems. Not just for its own sake, but also for the benefit of academic colleagues, other stakeholders and the media. During the symposium, UM will be able to answer questions that couldn’t be addressed while the investigation was still ongoing, so as not to harm the interests of our students and employees or the university as a whole.
Message for alumni: password
We have received questions from alumni about changing their passwords. The accounts and passwords for the alumni portal have not been affected by the cyber attack, but are still blocked. So you cannot change your password at this time. For (urgent) questions related to alumni matters, such as the registration of the upcoming Star Lectures Event on 6 February, you can send an email to firstname.lastname@example.org.
Access internet, printing/scanning/copying and VPN
Cabled internet at the workplace: it is necessary to monitor workplaces for suspect activities. For that purpose, the monitoring software Carbon Black is currently being installed at all workplaces. As soon as this software is installed at (almost) all workplaces, the cabled network can be opened again. Look at the FAQ to find out how you can check if your workplace has already been equipped with the correct software. If not, then please contact your local support officer.
Printing / scanning / copying: new (stricter) security measures still had to be implemented. From 27 January print orders can be given by selecting the printer installed on UM workstations. The myprint website is also operational.
VPN: the expectation is that VPN will not be available for a while, because it will have to be equipped with more security. This process simply requires more time.
For employees access to the Virtual Private Network (VPN) has also been restored since 27 January. Students looking to access UM Services can use Student Desktop Anywhere (SDA), which has been operational since 6 January.
Many people have sympathised with our position in the past days, both from outside and especially within our university. It reflects the spirit and culture of Maastricht University that many people want to contribute to solving the problems. Many colleagues put their weight behind these efforts. This makes us feel very good and very grateful.