
Cyber Incident Victim: York University

Date: Apr 2020

Location: Canada

Summary

A cyber attack described as "extremely serious" targeted York University, corrupting multiple servers and workstations. The institution's IT team responded by severing internet connections and disabling numerous online systems to limit the breach's impact, though critical student portals for financial aid, tuition, and academic records remained offline afterward. All individuals were required to reset passwords following the incident. The student union criticized the administration's communication approach as insufficient, relying solely on website updates rather than direct notifications. External forensic experts assisted an ongoing investigation into the attack. The rapid containment efforts reportedly mitigated significant potential damage.


Description

On April 30, 2020, York University experienced what it described as an "extremely serious" cyber attack that corrupted multiple servers and workstations. The university's IT department responded by immediately severing the institution's internet connection and shutting down numerous online systems to contain the breach, actions that reportedly limited the attack's scope and severity. By May 4, critical student portals remained offline, including systems for accessing OSAP applications, tuition fee payments, and winter semester final grades. The university mandated password resets for all students, faculty, and staff as a security precaution but did not confirm whether any sensitive personal data had been exfiltrated during the incident. External forensic investigators were engaged to assist with the ongoing inquiry, which officials cautioned would require additional days to complete due to its complexity.

The prolonged system outages disrupted administrative and academic functions days after the initial attack, with no restoration timeline provided by Chief Information Officer Donald Ipperciel despite assurances that teams were working to reinstate services "as quickly as possible." The York Federation of Students criticized the administration's communication strategy, noting the absence of direct notifications to affected individuals beyond website and social media updates. Cybersecurity expert Claudiu Popa emphasized the heightened risks posed by the attack's focus on institutional servers, highlighting universities' repositories of sensitive current and historical student data. Popa further noted that withholding technical details of the attack hindered broader sector-wide defenses, as threat actors frequently target multiple organizations within specific industries using refined methodologies. The university maintained that its rapid containment response had prevented significantly worse damage but did not disclose specifics about the attack vector or potential attribution.
