Cyber Incident Victim: Haute École Arc

On July 4, 2022, Haute École Arc (HE-Arc) in Neuenburg, Switzerland, publicly disclosed it had fallen victim to a cyberattack, becoming the second higher education institution in the region targeted within five months following a February 2022 incident at the University of Neuenburg. The technical response was immediate and disruptive: the institution announced it would shortly disconnect access to all its servers and block email communications entirely. This action aimed to isolate critical infrastructure and prevent further unauthorized access or data exfiltration. HE-Arc characterized these measures as essential to protect its digital infrastructure and data assets, though it did not specify whether data theft or encryption had occurred. The announcement came late in the day, shortly before the publishing deadline of reporting media, indicating rapid operational decision-making under time pressure. No details were provided regarding the initial attack vector, duration of compromise, or identity of threat actors.

The institution’s containment strategy caused significant operational disruption by severing core IT services, including email—a primary communication channel for academic and administrative functions. HE-Arc indicated it would establish a replacement email system only after completing preliminary investigations, suggesting an extended period of degraded communications capacity. No information was disclosed regarding impacts on research data, student records, or financial systems, nor were recovery timelines provided. The preventive server shutdowns implied a loss of availability for hosted services beyond email, though the scope of affected systems remained undefined. HE-Arc did not report evidence of public data leaks or ransomware demands at the time of disclosure. The incident mirrored the earlier attack on the University of Neuenburg, highlighting recurring cybersecurity challenges for regional academic institutions.