Cyber Incident Victim: Baruch College
Date: Sep 2023
Location: United States of America
Summary
Baruch College experienced a malware attack that caused significant network outages across its campus. The incident forced the college to extend remote learning and close its physical campus to students while remaining open for essential staff. Various academic and administrative services were disrupted, including the unavailability of tutoring systems and delayed payments for some student employees. While some network services like the website and email were restored, many other systems remained affected for a period of time.
Description
On September 27, 2023, Baruch College announced that widespread network outages affecting the campus were the result of a malware attack. This announcement confirmed the technical issues as a deliberate cybersecurity incident. The college did not specify the exact type of malware involved in the attack against its network. The immediate consequence of this attack was the decision to close the physical campus for general student access for the remainder of that week. Only essential staff were permitted on-site. This initial response was a containment measure to isolate the network and prevent further potential damage while investigation and remediation efforts began.

In response to the ongoing incident, Baruch College extended remote learning operations through October 1. The notification regarding the continuation of remote instruction was communicated to faculty at approximately 3:30 p.m. on September 27. This shift to a fully remote academic model was a direct response to the network unavailability caused by the malware, ensuring the continuity of education while the infrastructure was being secured and restored. The college's administration anticipated that on-campus classes and activities would be able to resume on October 2, pending further updates on the recovery progress from the Baruch Computing and Technology Center.
The operational impacts of the network outage were extensive and affected nearly all campus services. The Baruch College library, a central resource for students, was forced to alter its operations significantly. It opened for limited services on Thursday and Friday, September 28 and 29, but only during reduced hours from 9 a.m. to 5 p.m. Its services were restricted primarily to laptop loans, providing critical hardware to students who relied on college resources for remote work. The library remained completely closed on the subsequent Saturday and Sunday, highlighting the severity of the outage and the time required for restoration efforts.
Student academic support services were severely disrupted. The Student and Academic Consulting Center, known as SACC, had to drastically modify its offerings. Its TutorTrac service, which is used for scheduling tutoring sessions, was completely unavailable due to the network outage. In its place, SACC transitioned to offering "drop-in tutoring" sessions conducted via Zoom. Other SACC programs, including workshops, the BAR Program, and weekly individual tutoring appointments, were all moved to a virtual format to accommodate the remote learning environment forced by the incident. This demonstrated the college's effort to maintain educational support despite the technical constraints.
The incident also had a direct financial impact on some students. Peer mentors who were hired through the New Student and Family Programs at Baruch found themselves unable to perform a critical administrative task: updating their timesheets. This system was rendered inoperable by the network outage. As a result, the processing of their payments was delayed. The college communicated that these payments would not be issued until October 11, indicating a significant delay in payroll operations caused by the malware attack's disruption of essential internal systems.
Extracurricular activities and student life were also curtailed. Club events that are typically held on Thursdays across campus were either canceled outright or moved to a remote format. This cancellation of in-person gatherings further emphasized the campus's non-operational status for general student use and the breadth of the outage's impact on all facets of college life, extending beyond the classroom to affect community and social engagement.
The technical response to the attack was led by the Baruch Computing and Technology Center (BCTC). Its restoration work was methodical and incremental. It successfully restored some core components of Baruch’s network infrastructure, including the college's main public website and Baruch’s email system. These are considered critical communication channels, and their restoration was a priority to ensure the college administration could continue to disseminate information to students, faculty, and staff. The BCTC did not, however, provide a comprehensive list of all other services that were restored at that time, nor did it specify a definitive timeline for when all systems would be fully operational again. The recovery process was ongoing, with the expectation of a return to normalcy at the start of the new week.
Another mass email was sent out by Michele Doney, the director of the Student and Academic Consulting Center, to provide further clarity on the status of student services. This communication reported that most services would continue to either operate remotely or remain entirely unavailable for the duration of the outage. This message reinforced the widespread nature of the disruption and set realistic expectations for the student body regarding the limited availability of college resources during the recovery period. The incident underscored the college's dependence on its network infrastructure for both academic and administrative functions.
The closure of the physical campus and the extension of remote learning through the weekend represented a significant operational disruption directly attributable to the malware attack. The inability to hold on-campus classes, access full library services, or conduct normal club activities pointed to a network compromise that affected foundational IT systems. The fact that only essential staff were allowed on campus suggests concerns over the security of the physical network infrastructure itself, necessitating a limited personnel presence to facilitate the technical response without risking further exposure or damage.
The delay in student payments highlights how the cyber incident transcended IT systems to impact human resources and financial operations. The inability of peer mentors to submit timesheets indicates that the HR or payroll platforms were either offline, inaccessible, or considered untrustworthy in the wake of the attack. The decision to delay payment until October 11 suggests that the restoration of these specific systems was not immediate and required a thorough process to ensure their integrity and security before being brought back online for processing sensitive financial transactions.
The restoration efforts undertaken by the Baruch Computing and Technology Center were focused on regaining core communication capabilities first. Bringing the email system and public website back online was a critical first step in re-establishing reliable information flow from the administration to the college community. The gradual, phased approach to restoring other services indicates a careful process of verifying system integrity and ensuring that the malware had been completely eradicated to prevent a re-infection. The lack of a public detailed restoration timeline suggests the complexity of the recovery operation and the need for flexibility as technicians assessed each system.
The overall response strategy employed by Baruch College involved a combination of immediate containment, a shift to remote operations for continuity, and a phased technical restoration. Containing the incident by limiting physical and network access was the initial priority. This was followed by leveraging remote learning and virtual service platforms to maintain educational functions. Simultaneously, technical teams worked to diagnose the issue, eradicate the malware, and restore systems in order of operational importance. The college relied on mass email communications, once that system was restored, to keep the community informed of the evolving situation and the status of various services. The incident's full scope, including whether any data was accessed or exfiltrated, was not detailed in the available information.
