Cyber Incident Victim: National College of Ireland
Date:
Apr 2021
Location:
Ireland
Summary
A ransomware attack targeted the National College of Ireland, causing significant IT disruptions that forced systems offline, including learning platforms, library services, and student portals. The institution suspended campus access, postponed classes and assessments, and engaged IT teams and external providers for restoration efforts, though no clear timeline for full recovery was initially available. Authorities including data protection regulators and law enforcement were notified, while students were assured no late penalties would apply during the outage. Concurrently, another Irish higher education institution experienced a separate ransomware incident impacting backups and systems at one campus, though initial investigations found no evidence of data compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The National College of Ireland (NCI) experienced a ransomware attack over the weekend of April 3, 2021, forcing the institution to take its IT systems offline. The attack disrupted critical services, including Moodle (the learning management system), the Library service, and the MyDetails portal for current students. NCI publicly acknowledged the incident on April 3, suspending all access to IT systems and closing its physical campus to students and staff pending restoration efforts. By April 5, the college confirmed through social media that IT staff and external providers were working to restore services but could not provide a clear timeline for full recovery. NCI formally notified Ireland’s Data Protection Commissioner and the national police service (Gardaí) about the breach. Academic operations were severely impacted, leading to the postponement of all classes, assessments, and induction sessions scheduled from April 6 to April 8. Students with pending assignments were assured no late penalties would apply during the outage, with further updates promised by April 8 regarding resumption plans beyond that date.
Concurrently, the Tallaght campus of Technological University Dublin (TU Dublin) suffered a separate ransomware attack on the morning of April 1, 2021, compromising both primary IT systems and backup infrastructure. TU Dublin confirmed the attack did not affect its City or Blanchardstown campuses. The university restricted access to Tallaght systems, advising students to avoid using campus IT resources until April 12 while internal teams and external partners worked on restoration. Secure remote access to some critical services remained available, though the ICT Helpdesk suspended operations during the investigation. TU Dublin stated no evidence indicated data exfiltration or unauthorized access to personal information at that preliminary stage. Both incidents occurred amid a broader FBI warning about increased Pysa ransomware targeting educational institutions in multiple countries, though no attribution was confirmed for the Irish attacks.