Cyber Incident Victim: Hochschule Furtwangen University
Date:
Sep 2023
Location:
Germany
Summary
Furtwangen University suffered a cyber attack targeting its IT infrastructure, resulting in data encryption, deletion, and potential exfiltration—including possible personal data compromise. All systems were taken offline as a precaution, disrupting central services like learning platforms and libraries, though telephone services remained operational. The institution established an expert response team, initiated system restoration efforts, and implemented temporary measures including basic WiFi access while recovery continues. Academic activities proceeded with adapted formats due to ongoing technical limitations, with full restoration expected to take several weeks. Investigations into the attack's scope and data impact remain ongoing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 18, 2023, Furtwangen University discovered a cyber attack targeting its IT infrastructure during the overnight period between September 17 and 18, though investigators could not rule out earlier intrusion attempts. The attackers encrypted or deleted institutional data, prompting an immediate shutdown of all university systems as a containment measure. This action rendered central services inoperable, including the FELIX learning platform, library systems, and network-dependent operations across all campuses. While the telephone system remained functional, the full scope of compromised systems remained undetermined as forensic analysis continued. Initial assessments confirmed that any device connected to HFU networks or accessing network drives via VPN during the attack window faced potential compromise. University management established an expert task force on September 18 to coordinate incident response and initiated regular video conferences to update staff. By September 27, investigators confirmed a high likelihood of data exfiltration during the breach, with personal data among potentially affected information sets, though specific compromised records remained unidentified.
The university maintained public updates through a dedicated FAQ webpage while prioritizing system restoration efforts. Basic Wi-Fi services were reactivated on the Furtwangen campus by early October, with plans to extend connectivity to Schwenningen and Tuttlingen campuses. Academic operations continued for the Winter Semester with pedagogical adaptations to accommodate technical constraints, while administrators worked to partially restore FELIX access. Prospective students faced delayed application timelines for Summer Semester 2024 due to ongoing infrastructure repairs. Physical service points were established across campuses to diagnose compromised devices, characterized by anomalous file extensions, missing documents, or unreadable data. The institution advised password resets via KeePass managers and heightened vigilance for spam originating from university accounts, authentication failures, and abnormal device battery drain. Forensic investigations by authorities remained active as reconstruction work continued through mid-October, with full technical recovery projected to require additional weeks.