Edinburgh’s Heriot-Watt University has entered a second week of woe following a vist by an infosec nasty.
The 200-year-old institution’s IT team first referred to the crisis as a “security incident” but a spokesperson confirmed to The Register that it was a cyber attack.
A week on, things remain resolutely broken. VPN? Down. Oracle R12 Finance System? Down. Staff shared areas? Down. Even staff and student directories remain unavailable, hinting at some severe trouble within the university’s on-premises infrastructure.
The spokesperson added: “The incident was contained immediately and staff and students alerted to allow them to be supported using alternative systems. We are working closely with Police Scotland and specialist advisers to investigate the cause of the incident which will allow us to further strengthen our future security.”
They added: “We can confirm that there has been no data leak but while this attack is part of a police investigation we cannot comment further.”
Cloudier services such as Teams and email are operating normally, according to the university’s status page, as is SharePoint, Oracle ERP, and student and staff portals.
Heriot-Watt awarded a £5 million contract to Oracle for its Cloud ERP Software back in 2020.
Judging by emails seen by the The Register, the experience has not been entirely happy, and the dream of efficiencies brought forth by the implementation has yet to be realized and budgets rising.
A source close to the action told us that the R12 system should have been retired, but was lingering as users got to grips with the new Oracle Fusion platform.
The Register understands that shortly after a payslip whoopsie (in which university staff were apparently warned that historic payslips and P60s would need to be hurriedly printed out since payslips were not part of an impending migration to a new system), large chunks of IT infrastructure at the university fell victim to a cyber attack.
A year ago, the UK’s National Cyber Security Centre (NCSC) warned that attacks were on the increase and urged educational institutions to be vigilant. Shortly after, the University of Hertfordshire was forced to pull the plug on its systems after an incident of it own. Other establishments, including Newcastle University, were also the focus of cyber crooks.
Heriot-Watt is therefore not the first to suffer a cyber attack. However, the timing (while a migration appears to be under way) is unfortunate.
We fear this university won’t be the last to suffer an incident of this type. ®