Cyber Incident Victim: University of the Highlands and Islands
Date: Mar 2021
Location: United Kingdom
Summary
The University of the Highlands and Islands experienced a cyberattack causing widespread system and network disruptions across all campuses, resulting in canceled classes. The institution engaged external partners to isolate and mitigate the incident, maintaining that no personal data was compromised, though the attack's origin remained unidentified. Online classes continued unaffected under existing COVID-19 restrictions, while practical sessions proceeded on campuses with guidance from local staff.
Description
On or around March 7, 2021, the University of the Highlands and Islands in the U.K. experienced a cyberattack that disrupted its systems and networks across all campuses. The incident forced the institution to cancel classes on the day of discovery, though the exact timing of the initial intrusion remained unspecified in public statements. University officials publicly acknowledged the ongoing incident through both a Twitter announcement and a formal statement on their website. They characterized the event as an active cyber incident requiring immediate containment efforts, though they did not disclose technical details about the nature of the attack or initial intrusion vectors. Response actions involved collaboration with external cybersecurity partners to isolate affected systems and minimize operational impacts, though specific containment measures weren't elaborated. The university explicitly stated it did not believe personal data had been compromised during the incident, though no forensic evidence supporting this assessment was shared publicly at the time. No threat actor claimed responsibility, and the institution reported the attack's origin remained under investigation.

Despite the widespread network disruptions, the university maintained online instruction for most students where technically feasible, leveraging existing remote learning infrastructure originally implemented for COVID-19 restrictions. Certain practical classes requiring physical attendance continued under direct coordination between students and local campus contacts, indicating partial restoration of campus operations or segmented network availability. The cyberattack's primary operational impact centered on canceled in-person activities rather than complete institutional paralysis, suggesting targeted disruption rather than comprehensive system destruction. No information was provided regarding affected systems beyond generic references to networks and campus infrastructure, nor were recovery timelines or financial impacts disclosed. The university maintained public communication through its digital channels throughout the initial response phase while continuing investigation into the incident's root cause and full scope.
