Dutch top technical university shuts down after cyber attack

[J65nko]

From https://www.dutchnews.nl/2025/01/ein...-cyber-attack/:

Quote:

Classes at Eindhoven University of Technology have been cancelled for the second day in row following this weekend’s cyber attack, because work on a new security system has not been completed.

“We are working methodically with all our might to get the TU/e’s network secure and eventually bring it back online, step by step, with the utmost care,” vice president Patrick Groothuis said on the university’s website.

[Head_on_a_Stick]

These attacks are becoming ever more common, in the UK we have now had sustained attacks on NHS infrastructure over the past few months:

https://www.bbc.co.uk/news/articles/c3vrk2e0xvwo

The stories have been curiously under-reported though — I live in London and the only reason I knew about the Merseyside attacks is because my family live there, it wasn't covered on the national news at all.

Call me paranoid but I would note how easy and cheap it would be for Russia & China to sponsor such activity. Far more cost effective than planes & bombs in terms of disruption.

[Onauk]

Quote:

Originally Posted by Head_on_a_Stick

Call me paranoid but I would note how easy and cheap it would be for Russia & China to sponsor such activity. Far more cost effective than planes & bombs in terms of disruption.

I don't think you are paranoid, CISA agrees with you [1] and I add to the list North Korea which is using ransomware to fund their cyber activity [2].

The situation is worrisome, in France we've had 10+ companies hacked in 2024, the worst case being our national employment centre where hackers got records on 1 to 1.5 million people [3].

[1] https://www.cisa.gov/topics/cyber-th...threats/russia
[2] https://www.cisa.gov/news-events/cyb...ries/aa23-040a
[3] https://next.ink/132025/france-trava...lles/#comments

[frcc]

Eindhoven University of Technology might want to change their emphasis to degree's relating to Arts instead of Technology. Yes, we have bad actor's. However we have good actors that are very capable of managing intrusion schemes. Of course without details of the breach, many comments are meaningless. However, i have observed in general many companies including those in the education field, lack funding, competent IT personnel, resources, etc to prepare their data for defense against attacks. It can be done but it is expensive. Living in the US I get notices frequently from Lifelock (Tm), IDX (Tm) etc identifying which companies recently experienced a data breach and whether my data was involved or not. Visit any doctors office and observe their protocols for personal data protection and handling. They are usually connected to a data broker firm where the data is ill protected. Its surprising to me that these breaches aren't worse. Companies in the US usually are forced to provide a years worth of credit monitoring when they are found to mishandle your data. It wont stop until fines and or prosecution enables class action suits for personal data loss on top of credit monitoring. It takes money and manpower to deflect these attacks, most here have a good prospective of how that is accomplished. I think as the cost of these attacks rise the defense will improve, CEO's, IT Managers, CFO's need to put more resources into this issue.

[shep]

Quote:

Originally Posted by frcc

in the US usually are forced to provide a years worth of credit monitoring when they are found to mishandle your data. It wont stop until fines and or prosecution enables class action suits for personal data loss on top of credit monitoring. It takes money and manpower to deflect these attacks, most here have a good prospective of how that is accomplished. I think as the cost of these attacks rise the defense will improve, CEO's, IT Managers, CFO's need to put more resources into this issue.

My data has been hacked 2x. The first was my health insurance provider who was being paid through my checking account. The second was my C-V after I did some contract work for the VA. In both instances I was offered one year of credit monitoring by a firm I knew nothing about. I looked at the enrollment process and they essentially wanted me to put all my personal data in one place. Seemed nuts from the standpoint of the credit monitoring firm getting hacked itself. The hackers would not have to string together disparate data from different sources.

I never used the firms and monitored it myself.

[J65nko]

UPDATE

The Eindhoven Technical University suffered a severe DDOS attack. No intrusion has yet been found or announced yet: https://eindhovennews.com/news/2025/...ht-red-handed/

[frcc]

Obviously there was a problem otherwise the system would not have been shutdown exposing the public to the issue. No mention of personnel data loss or if they suspect cyber blackmail or technical espionage. In addition their intrusion discovery is weak, DDOS? They also didn't mention if this is zero day exploit or older. Glad they feel secure, but from that article i wouldn't want my meager info there. They also did not according to the article reference similar attack vectors being reported in cyber times type venues, so that others may benefit.

[frcc]

And while we slept, Lifelock (Tm)advised us of another data loss at an educational related facility

What happened?

PowerSchool suffered a breach in December 2024 after an unauthorized user accessed their student information system, resulting in the possible exposure of Social Security numbers, medical data, full names, addresses, and more for up to 50 million students. To learn more about this breach, read PowerSchool’s official statement here.

https://www.powerschool.com/security..._rid=346977665

[frcc]

https://news.yahoo.com/over-60m-kids...114726163.html