Cyber Incident Victim: Technological University of Dublin
Date:
Apr 2021
Location:
Ireland
Summary
The Technological University of Dublin experienced a ransomware attack targeting its Tallaght campus, encrypting on-site ICT systems and backups, rendering them inaccessible. Cloud-based services such as Moodle, email, and Microsoft Teams remained operational but faced potential intermittent disruptions during ongoing system reviews. The incident prompted collaboration with external cybersecurity experts and statutory authorities, including data protection and law enforcement agencies, to investigate the breach and restore services. Recovery timelines were undetermined, leading to advisories for students to avoid campus ICT equipment and direct inquiries to IT support. The attack exclusively impacted the Tallaght campus, with other campuses unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 1, 2021, the Technological University of Dublin's Tallaght campus experienced a significant ransomware attack that disrupted its entire on-site ICT systems. The incident began in the early hours of Thursday morning, with the university later confirming the cause as ransomware that encrypted critical infrastructure and backups stored locally on campus. This encryption rendered primary ICT systems inaccessible to users, though cloud-based services including Moodle, email, and Microsoft Teams remained operational during the initial phase. The university immediately initiated a review of these cloud systems to confirm they hadn't been compromised, while warning users about potential intermittent disruptions and reduced functionality in the coming days. The attack exclusively affected the Tallaght campus, with no impact reported on the City or Blanchardstown campuses' ICT systems. University leadership, including Principal Thomas Stone, communicated the incident to students via email within hours of detection, emphasizing that no definitive restoration timeline existed for the encrypted on-premises systems.
The university mobilized Computer Services staff from across its campuses, supported by external cybersecurity specialists, technical consultants, and legal advisors, to investigate the attack's origin and scope while working to restore services. Authorities including Ireland's Data Protection Commissioner and An Garda Síochána (national police) were notified as part of mandatory breach reporting protocols. Students received strict instructions to avoid campus ICT equipment until at least April 12, 2021, and to refrain from contacting IT support directly unless through department heads for critical issues. Academic operations continued remotely using unaffected cloud platforms, though the encryption of local backups complicated recovery efforts. The incident occurred during Ireland's Level 5 COVID-19 restrictions, which already limited campus attendance, minimizing immediate educational disruption. University leadership committed to providing regular updates through official channels and student union consultations while focusing on system restoration and security remediation.