Cyber Incident Victim: Cégep régional de Lanaudière
Date:
May 2024
Location:
Canada
Summary
A cyberattack disrupted operations at Cégep régional de Lanaudière, forcing the immediate closure of its four campuses and suspending classes for approximately 7,000 students during a critical academic period. The incident compromised several servers, prompting an ongoing investigation by cybersecurity firm StreamScan to determine its origin. While monitoring dark web activity has not yet indicated any suspected data leaks, the attack caused significant academic interruptions, with classes canceled for at least three days. This follows a trend of similar incidents affecting Quebec colleges, including a previous attack on another institution that also halted operations. The provincial government has allocated dedicated funding to bolster cybersecurity defenses across colleges in response to such threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 3, 2024, Cégep régional de Lanaudière experienced a cyberattack that disrupted operations across its four campuses in Joliette, Terrebonne, and L’Assomption. The college initially announced an unspecified "incident informatique" on Friday, forcing immediate campus closures. By Sunday, May 5, the administration confirmed via email that specific servers had been compromised in a cyberattack, extending the suspension of all classes until at least Tuesday, May 7. This disruption affected approximately 7,000 students during a critical period near the end of the academic session. No details regarding the attack vector or specific compromised systems were disclosed publicly. The college’s communication emphasized that external cybersecurity experts were actively investigating the incident but did not confirm whether ransomware or data exfiltration occurred.
The college retained Montréal-based cybersecurity firm StreamScan to conduct around-the-clock forensic analysis and dark web monitoring. As of May 5, investigators found no evidence suggesting unauthorized data leaks. Administrative communications remained limited, with the college unreachable for further comment by Monday morning. The incident mirrored a May 2022 attack on Collège Montmorency in Laval, which similarly forced operational suspensions. Quebec’s 2024-2025 budget referenced these threats, allocating $7 million over five years to bolster cégep cybersecurity defenses, specifically citing rapid response capabilities for attacks and unauthorized data disclosure risks. No threat actor attribution, financial demands, or data restoration timelines were disclosed in available reports.