University of Michigan "severs it's ties to the internet" after impacted by cyberattack
Learn More
The University of Michigan is reporting a cybersecurity incident that prompted the institution to shut down all its network systems and services.
One of the oldest and largest educational establishments in the United States, the University of Michigan boasts a substantial community, comprising more than 30,000 academic and administrative personnel, along with an approximate student body of 51,000 individuals.
The incident, categorized as a cybersecurity breach, resulted in extensive IT disruptions, causing interruptions in crucial online facilities such as
- Google services,
- Canvas - the learning management system,
- Wolverine Access - the university's online portal that provides students, and staff with access to a variety of administrative and academic services,
- and email functions.
Although the University's IT team was actively engaged in restoring the affected systems, the administration opted to disconnect the University's network from the internet as a precautionary measure due to the gravity of the situation.
No details are provided about the nature of the attack, and whether any confidential data was exposed/stolen.
A statement released on Sunday elaborated on this decision: "Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet. We took this action to provide our information technology teams the space required to address the issue in the safest possible manner."
The shutdown encompassed both wired and WiFi connections across the campus, in addition to several critical systems such as M-Pathways, eResearch, DART, and those integral to student registration.
Some services like Zoom, Adobe Cloud, Dropbox, Slack, Google, and Canvas have been reinstated and can be accessed outside of the University campus network but availability remains unstable due to overwhelming usage.
The timing of the cyberattack is very unfortunate at the onset of a new academic year when both students and faculty are preparing for classes. The University's administration has decided to waive late registration and disenrollment fees for August.
Since the disrupted systems are crucial for students to access class-related information and navigate the sprawling campus, particularly in the initial days of the academic term, the University has pledged to grant special consideration to students regarding attendance and assignments. Additionally, it's been acknowledged that certain financial aid disbursements and refunds may be delayed due to the ongoing IT outage.
Update - as of 23rd October 2023 the university has confirmed that data of individuals has been exposed, inlcuding:
- Social Security numbers,
- driver's license numbers,
- government IDs,
- financial account information,
- payment card numbers,
- health-related data.
research study participants and patients of the University Health Service and School of Dentistry had their data accessed
- medical record numbers,
- diagnosis information,
- treatment history, and
- medication records .
About 230,000 people were impacted by the data breach. The university has taken several steps to address the situation, including credit monitoring for the affected individuals.
In an effort to support those affected by the breach, the university is providing free credit monitoring services for an unspecified period.
