The Hamburg University of Applied Sciences was the victim of a cyber attack in December. Since then, operations at the university have been significantly disrupted. The university’s IT services are only available to a limited extent, deadlines for students have had to be extended and essential university services cannot be used.
Attack in late December
At the end of December, a cyber attack on HAW Hamburg was successful: it managed to penetrate the university’s IT system. Since then, many of the university’s services have been unavailable to employees and students alike. Among other things, the central identity management system, which is required for logging in to internal and external services, the university’s entire communications infrastructure, exam preparation tools and other services essential for teaching have been affected.
This has had a noticeable impact on the university’s processes. For example, the submission deadlines for exams were initially extended by three weeks, as it is almost impossible to process them without access to HAW’s online services. The postponement of exam dates is also up for debate. However, the start of attendance after the end of the winter vacations is not to be postponed.
Backups deleted, data encrypted
The exact course of the attack on HAW Hamburg is not yet known. The university has only stated that it started from a decentralized system and ended with backups being deleted and data being encrypted in HAW’s central storage system with admin rights. In addition, it was assumed that personal data of students had been leaked. HAW also stated that it is currently working on the incident with an IT crisis team and an external company. In addition to HAW, the city of Potsdam was also the victim of such an attack at the end of December.