Cyber Incident Victim: Paris Lodron Universität Salzburg
Date: Mar 2022
Location: Austria
Summary
A cyberattack targeted Paris Lodron Universität Salzburg, compromising approximately 3,000 employee email addresses with the @plus.ac.at domain. The institution promptly disconnected the affected mail server to contain the breach, with internal and external IT teams mobilized to address the damage. Online teaching platforms and student email accounts remained operational during the incident. While leadership asserted control over the situation, investigators had not yet determined the attack's origin or whether data exfiltration occurred. This incident followed a pattern of recent cyber intrusions affecting organizations in the region, though specific attribution or motives remained unclear at the time of reporting.
Description
On the night leading to Monday, March 28, 2022, Paris Lodron Universität Salzburg (PLUS) experienced a disruptive cyberattack that triggered an IT security alarm. The attack specifically targeted the university's email infrastructure, prompting immediate intervention from technical experts who disconnected the affected mail server from the network to contain the breach. Compromised accounts included all employee email addresses using the @plus.ac.at domain, estimated to total approximately 3,000 individual addresses. University leadership confirmed that student email accounts and online teaching platforms remained unaffected throughout the incident. Rector Hendrik Lehnert publicly stated the institution had control over the situation, emphasizing operational continuity despite the disruption. Internal IT staff collaborated with external cybersecurity specialists to prioritize damage assessment and system restoration efforts.

The full scope and motivation behind the attack remained undetermined at the time of reporting, with investigators unable to confirm whether data exfiltration had occurred. Response teams focused on forensic analysis and remediation while maintaining core university functions unrelated to the compromised email system. This incident occurred within a broader regional context of heightened cyber threats, as Salzburg had experienced multiple high-profile attacks in preceding months. Notably, hackers had successfully paralyzed the entire IT infrastructure of Salzburg Milch during a separate incident the previous year. The university's containment strategy centered on isolating critical systems, though the persistence of vulnerabilities in institutional or regional networks was not addressed in available communications.
