Cyber Incident Victim: University of Sunderland
Date:
Oct 2021
Location:
United Kingdom
Summary
A cyberattack caused widespread IT disruptions at the University of Sunderland, leading to prolonged outages across telephone systems, email servers, the official website, library WiFi, on-premise device access, printing services, and student portals for academic resources. The institution, collaborating with law enforcement and other agencies, established an alternative communication channel via a temporary domain while maintaining face-to-face teaching and campus support services. With systems remaining offline during containment efforts and no recovery timeline provided, students faced significant academic and administrative challenges, including visa application deadlines. The incident's scale and impact align with patterns of ransomware attacks targeting educational institutions, though the university did not explicitly confirm this attribution.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 12, 2021, the University of Sunderland experienced a cyberattack that caused widespread disruption to its IT infrastructure. Initial system disruptions emerged on Tuesday morning, leading to prolonged outages across critical services. The attack rendered all telephone lines inoperable, took down the university’s official website, and disabled primary email servers. Library WiFi networks, on-premise computer and laptop access, printing services, and all student-facing online portals became unavailable, preventing access to eBooks, academic journals, and other digital resources. The university confirmed the incident as a cyberattack but did not specify the attack vector or identify threat actors. By October 14, systems remained offline with no estimated restoration timeline, as the institution was still in the containment phase of its response.
The university established an alternative communication channel at <https://uostoday.sunderland.ac.uk/> to provide limited updates, though it emphasized this portal could not restore services. With approximately 20,000 students affected, the outage disrupted academic activities, particularly for those facing urgent deadlines such as visa applications or coursework submissions. The university advised students to monitor its social media for announcements, as its sole operational inbox was overwhelmed. Campus-based services continued where possible, with face-to-face teaching maintained and physical help desks deployed for guidance. The institution collaborated with law enforcement and external agencies to investigate the incident’s scope and origins. While ransomware was not explicitly confirmed, the scale of the outage aligned with patterns observed in prior attacks against UK universities, including TU Dublin and Newcastle University. A 2020 national survey cited in reporting indicated 25% of UK universities had experienced ransomware incidents since 2013, highlighting the sector’s vulnerability to such disruptions. The university prioritized system restoration but acknowledged the potential for data compromise as an inherent risk of the incident.