Cyber Incident Victim: Bermuda College
Date:
Feb 2022
Location:
Bermuda
Summary
Bermuda College experienced a suspected cyber attack disrupting its IT systems, including internet access, website, internal portals, and webmail services, which partially affected classroom instruction. The institution engaged its IT provider and cybersecurity experts to restore operations, noting initial indications suggested no theft or loss of personal or institutional data due to existing backup protocols. Police were notified to investigate the incident, while phone systems remained functional and non-internet-dependent classes continued normally alongside remote instruction.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2022, Bermuda College experienced a significant disruption to its IT infrastructure, initially detected by the institution's personnel. The incident impacted internet connectivity, the college's public website, internal portals, and webmail services, hindering administrative functions and certain classroom activities requiring online access. College representatives publicly disclosed the event on February 2, characterizing it as a suspected cyber attack based on preliminary assessments. Immediate response measures included engagement of the college's IT service provider and external cybersecurity specialists, who initiated around-the-clock remediation efforts to restore systems. The Royal Bermuda Police Service was notified and commenced a formal investigation into the incident's origins and nature.
Despite operational disruptions, the college maintained partial functionality through unaffected systems. Phone communications remained operational via the main switchboard and direct lines, allowing continued public contact. Classroom activities proceeded for experiential labs not requiring internet access and for courses conducted through unaffected remote instruction platforms. Institutional representatives emphasized that preliminary forensic analysis indicated no evidence of data exfiltration involving student personal information, attributing this outcome in part to established data backup protocols that prevented permanent data loss. Restoration efforts prioritized returning systems to normal operational status while maintaining continuity for unaffected educational activities, with no specified timeline provided for full resolution at the time of reporting.