Cyber Incident Victim: University of Hertfordshire
Date:
Apr 2021
Location:
United Kingdom
Summary
A cyberattack severely disrupted the University of Hertfordshire's IT infrastructure, causing widespread outages affecting online learning platforms including Office 365, Teams, and Zoom, alongside local networks, Wi-Fi, email, data storage, and VPN services. The incident forced the cancellation of all online classes and restricted access to on-campus computer facilities, labs, and remote specialist software, though in-person attendance remained possible where computer access wasn't required. While assignment submissions faced potential delays, the institution assured students they would not be academically disadvantaged. The nature of the attack was unspecified, though recent ransomware trends targeting educational institutions were noted as context for the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 14, 2021, the University of Hertfordshire experienced a severe cyberattack that disrupted all its IT infrastructure. The attack rendered critical systems inoperable, including Office 365, Microsoft Teams, Zoom, local networks, Wi-Fi, email services, data storage solutions, and VPN access. This widespread outage forced the university to cancel all online classes scheduled for April 15 and 16, significantly impacting academic operations during a period of remote learning. Physical campus facilities remained accessible to students for activities not requiring computer access, though all computer labs, Learning Resource Centers (LRCs), and campus Wi-Fi were unavailable. Remote access to specialized software and university-managed PCs was also disabled, limiting research capabilities and coursework completion.

The university activated contingency measures to minimize academic disruption, explicitly assuring students that assignment deadlines would accommodate the technical limitations caused by the attack. Its system status page, last updated approximately 17 hours after the incident began, reflected ongoing remediation efforts across all affected services. While the specific attack vector was not publicly confirmed, the incident coincided with a National Cyber Security Centre (NCSC) advisory warning about increased ransomware targeting educational institutions. The NCSC had highlighted risks including permanent loss of student coursework, compromised financial records, and exposure of COVID-19 testing data in similar attacks. The University of Hertfordshire did not disclose evidence of data exfiltration or specify whether ransomware was deployed, focusing communications on operational impacts and recovery timelines.
