Cyber Incident Victim: Northumbria University
Date:
Aug 2020
Location:
United Kingdom
Summary
A cyberattack caused significant operational disruption at Northumbria University, forcing campus closure and halting student access to IT systems including learning platforms. The incident led to exam cancellations, academic calendar rescheduling, and an inability to process critical administrative functions like clearing calls. While not explicitly confirmed, the attack was characterized as ransomware-related amid rising financially motivated cyber threats targeting educational institutions. Restoration efforts were underway to recover affected systems following the widespread technical outages.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Northumbria University experienced a significant cyber incident beginning on or around August 31, 2020, which forced the closure of its Newcastle-Upon-Tyne campus and caused widespread operational disruptions. The attack led university administrators to halt all campus access for students for an entire week while IT teams worked to restore affected systems. Deputy vice chancellor Peter Francis publicly acknowledged the incident, describing it as causing "significant operational disruption" to university functions. Critical academic platforms including the Blackboard learning management system became inaccessible, directly interrupting teaching activities and student resources. The university canceled scheduled examinations during this period and announced it could not process clearing calls for prospective students, creating complications for the academic calendar. Administrative operations faced paralysis as IT infrastructure required extensive remediation efforts. No specific details about the initial attack vector or intrusion methods were disclosed by university officials.
The cyber-attack was characterized as likely involving ransomware based on observed patterns of financially motivated threats targeting educational institutions. Industry analysts noted this incident aligned with a broader trend of rising cyber-attacks against UK universities, with approximately one-third experiencing ransomware incidents over the preceding decade. Webroot senior threat researcher Kelvin Murray highlighted the necessity for enhanced cyber-resilience measures and security training across academic institutions in response to such threats. Northumbria University's prolonged IT system outages underscored the attack's severity, requiring sustained recovery efforts beyond immediate containment actions. The campus closure and academic disruptions represented tangible consequences affecting thousands of students during a critical period in the academic term. University leadership maintained operational focus on restoring core systems without publicly attributing the attack to specific threat actors or disclosing whether ransom demands were received.