Cyber Incident Victim: Laurentian University
Date:
Feb 2024
Location:
Canada
Summary
A cyber incident disrupted Laurentian University's IT systems, causing widespread service outages including authentication systems, campus network access, and cloud-based platforms essential for teaching and operations. The institution prioritized restoring limited connectivity for on-campus activities, enabling in-person classes without internet while working to gradually reinstate remote access for online learners. Mandatory security updates requiring physical device installations were implemented for staff to mitigate vulnerabilities, with payroll processing secured through temporary measures. Students expressed significant distress over inaccessible academic resources and communication gaps, particularly impacting remote learners unable to submit assignments or access grades. The incident prompted collaboration with cybersecurity experts and law enforcement while necessitating alternative teaching methods and work arrangements during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Laurentian University first detected a cyber incident on the morning of February 18, 2024, prompting immediate network security measures and engagement of external cybersecurity experts. Initial communications on February 18-19 described widespread technical issues affecting multiple IT systems, with no estimated restoration timeline. The university advised staff and faculty to work remotely on February 20-21 where possible. By February 20, the institution confirmed the event as a cyberattack, reported it to law enforcement, and established a static website (laurentian.ca) alongside social media channels for updates after losing regular email functionality. Early impacts included disabled authentication systems preventing access to cloud services like D2L, Google Workspace, and Zoom, as well as campus-wide Wi-Fi and wired network outages affecting classrooms, offices, and libraries.
Residence internet access was partially restored by February 21, while payroll staff regained on-site access to the Colleague ERP system to process February payments on schedule, albeit without electronic pay statements. The IT team prioritized rebuilding the authentication infrastructure to enable cloud service logins before the February 26 resumption of in-person classes post-reading week. Despite progress, the campus network remained offline for most buildings during the week of February 26, forcing instructors to adapt teaching methods without internet connectivity. Online and hybrid students faced unresolved access challenges, with accommodations pending service restoration timelines. From February 24 onward, IT focused on mandatory installation of SentinelOne endpoint protection on all staff and faculty devices via on-campus kiosks—a prerequisite for future network and cloud service access. This security upgrade required physical device visits, delaying full operational recovery. Concurrently, manual timesheet processes were implemented to ensure staff payments. The incident caused significant operational disruption, student anxiety over academic deadlines and grades, and privacy concerns, though no data compromise specifics were disclosed. University leadership acknowledged the community’s resilience while IT teams continued system restoration and forensic investigations without public attribution of the attack.