Cyber Incident Victim: Newcastle University
Date: Sep 2020
Location: United Kingdom
Summary
A UK university experienced a ransomware attack by the DoppelPaymer group, which had earlier gained notoriety for leaking documents belonging to SpaceX and Tesla after breaching one of their parts suppliers. The cyber incident disrupted multiple IT systems and involved the theft of a backup file. The attackers demanded a ransom and published a sample of the exfiltrated data as leverage, though the initial leaked files contained no sensitive staff or student information. The group followed its established double-extortion pattern, threatening further data disclosures to pressure the institution into paying.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 4, 2020, Newcastle University experienced a cyberattack attributed to the DoppelPaymer ransomware group, which claimed responsibility on its leak site and had previously leaked documents relating to SpaceX and Tesla after compromising one of their suppliers. The incident began with unauthorized access to university systems, and the university shut down multiple IT services as part of its containment effort. At approximately 10:00 that morning, the attackers exfiltrated a backup file from the university's infrastructure; a backup file is a high-value target for an extortion group because a single archive can contain an entire system's data. The attackers then issued a ransom demand, threatening to release the stolen data unless payment was made. After the university declined to comply, DoppelPaymer published a portion of the exfiltrated files as proof of access. Notably, the initial data dump did not contain personally identifiable information of students or staff, though the group implied that more sensitive data would follow if its demands remained unmet.

Newcastle University officially acknowledged the breach as a "cyber incident" but did not confirm whether ransom negotiations took place or whether any payment was made. The attack disrupted operations across campus systems, though the university did not specify the full scope of affected services or the duration of the outage. DoppelPaymer's tactics mirrored its previous campaigns, using the threat of data exposure to pressure the victim, but no further leaks were documented in the immediate aftermath of the initial disclosure. Beyond confirming the theft of the backup file, the university did not publicly detail its incident response, forensic findings, or recovery timeline. The attackers' reliance on coercive data disclosure rather than immediate destruction is consistent with a financially motivated double-extortion operation that targets institutional reputation as much as system availability.
