University of Sunderland online lectures cancelled following cyber attack

Students at the University of Sunderland are still unable to access online lectures following a suspected cyber attack earlier this week.

Telephone lines, IT and email systems, as well as the university’s website and mobile application remain inaccessible.

Staff and students are also unable to communicate over Microsoft Teams or the university’s Canvas virtual learning environment (VLE), which are used to access coursework and feedback, or submitting assignments.

The university campus remains open, but students are unable to use many on-site services, including WiFi and printing. Students are also unable to access the library PCs, loan a laptop, or read ebooks and online journals.

The “extensive IT issues” have “all the hallmarks of a cyber attack”, the university announced in a statement, adding that it is cooperating “with a number of agencies, including the police, to find out what exactly has happened and the extent of the problems”.

With online classes cancelled, students are being urged to attend in-person lectures, bringing the university’s hybrid learning approach to a halt.

Steve Bradford, SVP EMEA for cloud security provider SailPoint, told IT Pro that the hybrid approach makes students dependent on “the online world” more than ever before.

“But cyber threats pose a major risk to this – as we already see with the suspected attack on Sunderland University. In the space of a few minutes, threat actors had the power to bring down websites and IT systems, causing unprecedented disruption,” he said.

Hackers could have potentially gained entry using the influx of new students in the last few weeks, as the university returned to campus late last month.

“With many new students starting at once and acquiring a range of logins, and many universities migrating to the cloud environment, higher education institutions need to be extra vigilant here,” he said, adding that educational institutions, including universities, should ensure they’re in line with “best practices for cyber security”.

The news of the disruption comes weeks after Howard University in Washington DC was hit by a ransomware attack which forced it to cancel classes for two days.