Cyber Incident Victim: Nunez Community College
Date:
Mar 2023
Location:
United States of America
Summary
Several Louisiana colleges, including Nunez Community College, proactively shut down internet systems and associated services after state police identified indicators of compromise, disrupting campus operations. The institutions collaborated with state emergency preparedness and cybercrime units to negate threats, rebuild affected network components, and implement enhanced security measures. Restoration efforts progressed gradually, with some campuses resuming limited services like email and Wi-Fi while continuing remote instruction during recovery. Investigations into potential data exfiltration or broader impacts remain ongoing, with affected parties to be notified if personal information was compromised. The incident occurred amid a broader trend of cyberattacks targeting educational institutions nationally.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 24, 2023, Louisiana State Police Cyber Crime Unit identified potential indicators of compromise within the networks of multiple higher education institutions, prompting five schools—University of New Orleans (UNO), LSU Agricultural Center, Nunez Community College, River Parishes Community College, and Southern University at Shreveport—to proactively shut down their internet systems. The coordinated takedowns disabled campus internet, Wi-Fi, email services, learning management systems like Moodle, and administrative platforms such as Workday and PeopleSoft. UNO announced the measures on Twitter, citing collaboration with the Governor's Office of Homeland Security and Emergency Preparedness and Louisiana State Police to address the potential threat. River Parishes Community College Chancellor Quintin Taylor characterized the action as a response to a "cyber risk that needed immediate attention," noting off-site student information systems remained unaffected. Nunez Community College and Southern University at Shreveport posted public advisories about network disruptions, with Nunez suspending in-person classes on March 27 and planning remote operations until normal services could resume the following day.
By March 26-27, UNO and Southern University at Shreveport partially restored networks, including email, Zoom, and limited Wi-Fi, though guest Wi-Fi and other applications remained offline. UNO confirmed law enforcement investigations into possible data compromise, pledging breach notifications if personal information was exposed. Southern University extended virtual classes indefinitely. Though no institution confirmed ransomware involvement, recovery timelines for most services were uncharacteristically swift. Earlier incidents contextualized the attack: Southeastern Louisiana University had suffered a cyberattack three weeks prior, and Xavier University of Louisiana disclosed a November 2022 breach compromising 44,000 individuals’ data. State police supported forensic reviews across all five schools while facilitating network reconstructions with enhanced security tools. The disruptions impacted thousands of students and staff, necessitating leniency for connectivity issues during coursework. No further data exfiltration or encryption incidents were reported post-restoration, though investigations remained ongoing at the time of reporting.