Cyber Incident Victim: University of Winnipeg
Date:
Mar 2024
Location:
Canada
Summary
The University of Winnipeg experienced a cyber incident prompting immediate network security measures, including the temporary unavailability of critical systems such as Nexus learning management, Web Advisor, Colleague, VPN, printing, and regular Wi-Fi. While most classes resumed onsite, online courses reliant on Nexus remained inaccessible, with instructors directed to use alternative delivery methods like email or Teams. A temporary Wi-Fi network (TEMPWIFI) enabled limited internet access on campus, alongside operational Microsoft 365 tools, campus phones, and electronic door access. The institution is working with external experts and authorities to restore services, investigate the incident, and assess its impact, advising users to maintain trusted device logins for email access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 24, 2024, the University of Winnipeg discovered a cyber incident that disrupted its network operations, prompting immediate containment measures. The institution secured its network by disabling multiple critical systems, including the Nexus learning management system (LMS), Web Advisor, Colleague administrative software, VPN access, and campus printing services. Regular campus internet and Wi-Fi were suspended, though a temporary network labeled TEMPWIFI was deployed to provide limited connectivity. Microsoft 365 applications—including Outlook email and Teams—remained operational alongside campus phones and electronic door access systems. The university initiated an investigation with external cybersecurity experts and notified law enforcement authorities. Restoration efforts prioritized reactivating academic functions, allowing most in-person classes to resume by March 26, though online courses dependent on Nexus remained inaccessible. Registration for the Spring Term was suspended indefinitely, and students were instructed not to log out of trusted devices to maintain email access. Faculty were directed to use alternative methods like HDMI connections for classroom presentations and USB drives for materials, as networked AV systems were nonfunctional.
The incident significantly impacted academic continuity, particularly for courses requiring specialized software or internet access. Labs reliant on online databases, SPSS software installed on university hardware, or ACS laboratory systems could not operate normally. Library services maintained partial functionality, with physical collections accessible but e-resources limited to on-campus use via TEMPWIFI. Instructors shifted synchronous online instruction to platforms like Zoom or Microsoft Teams and distributed materials via email, though students who logged out of institutional email accounts faced communication barriers. Administrative processes stalled due to the unavailability of Colleague and Web Advisor, hindering student services, advising, and accommodations coordination. The university established centralized communication channels through its website FAQs, Service Desk support for technical issues, and departmental contacts for course-specific adjustments. Research activities involving network-stored datasets were interrupted, with no estimated restoration timeline provided. Collegiate faculty utilized a scheduled study day on April 10, 2024, as an optional make-up date for missed instruction, while PACE programs developed separate contingency plans through program managers. Restoration priorities focused on reactivating Nexus LMS to restore full academic operations, though the investigation into the incident’s scope and attacker methodology remained ongoing at the time of reporting.