Cyber Incident Victim: University of New Orleans
Date:
Mar 2023
Location:
United States of America
Summary
The University of New Orleans detected indicators of compromise in its network, prompting proactive shutdowns of campus internet, Wi-Fi, email, learning management systems, and administrative platforms. The incident impacted several other Louisiana colleges, with collaborative response efforts involving state police and homeland security agencies. Systems were partly restored within days, though disruptions persisted for some applications and multi-factor authentication became mandatory for certain services. Investigators worked to determine potential data compromise, with affected parties promised notification if breaches occurred. Security experts characterized the event as likely a cyberattack, noting its rapid containment and parallels to recent ransomware incidents at other regional universities. Louisiana institutions have faced multiple such threats in recent months, heightening concerns about higher education cybersecurity vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 24, 2023, the University of New Orleans (UNO) detected an indicator of compromise (IOC) in its network systems, prompting immediate action to disconnect campus internet, Wi-Fi, email, Moodle, Workday, and PeopleSoft services. This proactive shutdown was synchronized with four other Louisiana institutions—LSU Agricultural Center, Nunez Community College, River Parishes Community College, and Southern University at Shreveport—following Louisiana State Police Cyber Crime Unit warnings of potential network compromises. The Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (GOSHEP) and State Police collaborated with the schools to investigate and neutralize the threat. Forensic efforts focused on removing threat actor access and deploying enhanced security tools. UNO advised its 7,000 students and staff of the disruption via social media and Privateers Alerts, acknowledging significant academic and operational impacts, including canceled exams, inaccessible coursework on Moodle, and delays in administrative processes reliant on Workday and PeopleSoft.
By March 27, UNO had partially restored guest Wi-Fi, email, Moodle, and Zoom, though full access required multi-factor authentication. River Parishes Community College and LSU Agricultural Center resumed normal operations, with the former confirming its student data remained secure due to offsite hosting. Nunez Community College transitioned to remote classes until March 28, while Southern University at Shreveport extended virtual operations indefinitely. UNO President John Nicklow emphasized incremental service restoration and student support amid ongoing investigations into potential data breaches. Brett Callow, an Emsisoft threat analyst, attributed the incident to a likely cyberattack, noting the rapid recovery suggested early detection before full network encryption could occur. The incident followed a February cyberattack at Southeastern Louisiana University and a November 2022 ransomware breach at Xavier University, which compromised over 44,000 individuals’ data. Louisiana State Police and GOSHEP declined detailed comment due to active investigations, leaving unanswered whether data exfiltration occurred. UNO and Southern University at Shreveport pledged to notify affected individuals per legal requirements if breaches were confirmed.