Cyber Incident Victim: Tennessee State University
Date: Feb 2023
Location: United States of America
Summary
Tennessee State University experienced a significant cybersecurity incident involving a ransomware threat that disrupted campus operations, prompting the shutdown of internet access and critical systems including VPN services, external websites, and academic platforms such as MyTSU and Banner Services. The university’s IT team addressed the suspicious network activity by isolating systems and conducting an investigation amid concerns over potential data exposure, though no confirmed breach of student or faculty information was initially reported. This incident underscores the ongoing challenges faced by underfunded historically black institutions in maintaining robust network defenses against such cyberattacks, leading to prolonged service outages and reliance on alternative communication methods for academic continuity.
Description
On February 26, 2023, Tennessee State University (TSU) detected highly suspicious activity across multiple computers within its network, prompting administrators to classify the incident as a potential ransomware attack. The university immediately took its systems offline as a containment measure, initiating an investigation while disabling all campus internet access. By March 1, TSU officially confirmed the event as a “ransomware threat” and notified its 8,000+ students that critical systems would remain offline until at least March 3. Remote access to essential platforms—including MyTSU, Banner Services, VPN, and Citrix—was suspended, though students retained limited access to email accounts, Zoom, and campus computer labs. The IT team urged students to contact instructors directly via email or phone regarding coursework disruptions, emphasizing the institution’s commitment to data integrity and ransomware mitigation.

The university’s March 6 update clarified that the incident remained classified as a “ransomware threat” rather than a confirmed attack, though core network services were still partially disabled pending restoration. Investigations continued alongside remediation efforts, with no official confirmation of whether student or faculty data was compromised. TSU acknowledged potential obligations to issue data breach notifications if personal information was exfiltrated. Operational disruptions affected multiple departments, including campus police, which lost email access, and academic staff, who advised students to document connectivity issues preventing assignment submissions. The outage underscored broader vulnerabilities among historically underfunded HBCUs, as referenced in contextual reporting about prior ransomware incidents targeting similar institutions. While Southeastern Louisiana University experienced a separate cyberattack days earlier, prompting Louisiana State Police involvement, TSU’s incident remained distinct in scope and response timeline.
