Cyber Incident Victim: Technische Universiteit Eindhoven
Date:
Jan 2025
Location:
Netherlands
Summary
A cyber-attack prompted TU Eindhoven to proactively shut down its network to contain the incident, disrupting all network-dependent systems including email, Wi-Fi, learning platforms, and internal telephony. Educational activities were canceled for at least two days, while campus buildings remained accessible with limited services—card readers functioned, but canteens closed except for one location, and parking barriers stayed open due to system failures. ICT experts detected suspicious server activity overnight and initiated the shutdown to prevent escalation, though no data theft had been confirmed during the ongoing investigation. Restoration efforts prioritized caution, with systems projected to resume by the following weekday. The university maintained emergency contact capabilities via an external phone line and advised vigilance against potential phishing attempts exploiting the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 12, 2025, TU Eindhoven (TU/e) proactively shut down its entire network following the detection of suspicious server activity indicative of a cyber attack. ICT staff first observed anomalous behavior at approximately 21:00 on January 11, prompting an overnight decision to isolate systems. The university confirmed the incident as a cyber attack but withheld specific technical details pending investigation, noting no immediate evidence of data exfiltration. By Sunday morning, all network-dependent services became inaccessible, including email, Wi-Fi, the Canvas learning management system, Microsoft Teams, internal telephony, parking barriers, and canteen payment systems. This forced cancellation of all lectures and educational activities through at least Monday, January 13, during the final instructional week of Quartile 2—a period typically reserved for exam preparation and catch-up sessions.
Containment measures preserved physical campus access, with buildings remaining open and card reader systems functional for entry. Emergency services remained reachable via mobile phones through the external emergency number (0402472222), though internal phones were inoperable. Limited exceptions included Atlas building canteens, which implemented alternative payment solutions, while other campus eateries closed due to non-functional cash registers. University leadership, represented by Vice-President Patrick Groothuis, emphasized the shutdown's necessity to prevent escalation, acknowledging disruptions to students, staff, and campus partners. ICT teams retained administrative access to systems for forensic analysis and restoration efforts, projecting a tentative recovery by Tuesday, January 14, pending further updates. TU/e maintained centralized communication through its website, warning stakeholders about potential phishing campaigns exploiting the disruption and advising vigilance against suspicious communications.