Cyber Incident Victim: Lakehead University
Date: Feb 2021
Location: Canada
Summary
Lakehead University experienced a cyberattack targeting its file share servers, prompting an immediate shutdown of its campus network and servers to contain the incident. The disruption affected all institutional services, including online learning platforms, email, academic resources, and payment systems, hindering student access to coursework, communications, and assignment submissions. An investigation was assessing which servers were compromised and whether stored credentials or sensitive data were exposed, and the institution advised affected individuals to reset passwords. Campus computers remained offline, events were canceled, and academic deadline adjustments were under consideration pending service restoration efforts.
Description
Lakehead University experienced a cyberattack targeting its file share servers, prompting its Technology Services Centre (TSC) to shut down all server access on February 16, 2021. This action resulted in a full campus network outage affecting the Thunder Bay and Orillia campuses, with services remaining offline through at least February 21. University personnel physically powered down campus computers to contain the attack's spread, though officials did not publicly confirm whether ransomware or other specific malware was involved. The immediate containment measures rendered all file share server data inaccessible and prevented use of on-campus workstations. An ongoing investigation sought to determine which servers and data were compromised, with no disclosure regarding potential exposure of personal or financial information. The university advised individuals who stored credentials in documents on affected systems to proactively change passwords, suggesting possible unauthorized access concerns. Service disruptions extended to the institution's primary website, email systems, and digital learning platforms, creating widespread operational paralysis.

The network outage forced cancellation of all university events scheduled for February 19, including virtual campus tours and webinars. Academic operations faced severe disruption as students lost access to Google Workspace tools (Gmail, Docs), course materials, library resources, and assignment submission portals. Many could not communicate with instructors or retrieve academic schedules during midterm preparation periods. Payment systems and deadline-critical transactions were similarly impacted, though university leadership had not finalized decisions regarding assignment deadline extensions or exam deferrals despite student petitions. Restoration efforts prioritized resuming classes by February 22, though no definitive timeline existed for full service recovery. The institution made no public statement on attacker identity, intrusion methods, ransom demands, or data exfiltration while forensic analysis of compromised systems continued.
