Cyber Incident Victim: Northern Caribbean University

On February 22, 2025, Northern Caribbean University (NCU) experienced a disruptive cyberattack that forced the shutdown of critical computer systems. The attack, detected on Saturday, February 22, rendered university records and student financial databases inaccessible by Monday, February 24. NCU administration issued a public statement warning current and former students about potential exposure of personal data, though no evidence confirmed public release of information at that time. The incident immediately disrupted academic operations by crippling the Learning Management System, necessitating temporary shifts to alternative platforms for coursework and instruction. While the university's main website remained offline, its social media channels and email systems continued functioning, allowing limited communication. Staff were directed to maintain regular duties unless supervisors issued alternate instructions, though no restoration timeline was provided for affected systems.

The university activated a multi-agency response involving Jamaica's Cyber Incident Response Team, the Office of the Information Commissioner, and the Major Organised Crime and Anti-Corruption Agency. This marked NCU's second major cybersecurity incident in three years, following a January 2022 ransomware attack that encrypted institutional files. The 2025 attack's operational impacts extended beyond academic functions, compromising administrative access to financial and student records while creating uncertainty regarding data security. No threat actor claims or specific attack vectors were disclosed in available communications. The institution maintained public advisories about potential data exposure risks but did not specify mitigation measures for affected individuals beyond operational workarounds for academic continuity.