Cyber Incident Victim: Nova College
Date:
Dec 2022
Location:
Netherlands
Summary
A cyberattack targeted Nova College before the Christmas break, prompting precautionary external system shutdowns that disrupted access to internal systems for approximately 12,500 students and 1,200 staff. This outage prevented students from retrieving grades or schedules via the student portal. While the investigation remains ongoing with no public confirmation of the attack type, partial system restoration has since occurred, allowing limited portal access to resume. The institution operates across multiple campuses and serves students aged 16 and older.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late November or early December 2022, Nova College experienced a cyberattack that disrupted its operational systems, prompting the institution to proactively disconnect affected systems from external access as a containment measure. This precautionary shutdown occurred shortly before the scheduled Christmas break, impacting all 12,500 students and 1,200 staff members across campuses in Beverwijk, Haarlem, Haarlemmermeer, Hoofddorp, IJmuiden, and Harlingen. The isolation of systems prevented access to critical internal platforms, including the Nova Portal used by students to view grades, schedules, and course materials. Employees also lost access to collaborative workspaces and department-specific sites hosted on the compromised infrastructure. While the exact attack vector remained undisclosed during initial investigations, the incident necessitated immediate suspension of digital services to prevent potential escalation or data exfiltration.
Partial system restoration occurred approximately one week after the initial disruption, with Nova College confirming limited reactivation of the Nova Portal by early December 2022. Students regained the ability to log in and access basic portal functions, though full operational recovery of all ICT systems remained incomplete at the time of reporting. The college maintained public communication through its primary website while internal investigations into the attack’s origin and methodology continued, with external cybersecurity experts likely engaged based on the precautionary measures taken. No data breaches or ransomware demands were publicly disclosed during this phase. Academic operations faced minimal physical disruption due to the timing coinciding with holiday closures, though digital service interruptions persisted for backend administrative functions. The institution’s finance department, headquartered in Haarlem, maintained separate contact protocols for invoice processing via [email protected] throughout the incident, suggesting segmented system resilience for critical financial operations. Recovery efforts prioritized student-facing services while forensic analysis proceeded to determine attack attribution and scope.