Skip to content
ADVERTISEMENT
Sign In
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Virtual Events
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
  • More
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Virtual Events
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
    Upcoming Events:
    An AI-Driven Work Force
    University Transformation
Sign In
News

Just in Time for Fall Term, a Cyberattack Forces an Entire College’s Systems Offline

By Steven Johnson August 16, 2019
The campus of the Stevens Institute of Technology
The campus of the Stevens Institute of TechnologySharkface217, Wikimedia Commons

A debilitating malware attack has forced a college known for “powerhouse” cybersecurity programs to shut down all its systems, just as it prepares for the fall semester.

On August 8 the Stevens Institute of Technology noticed “system-access issues” and alerted users to what it later called a “very severe and sophisticated” cyberattack. The college disabled its systems and networks as a precaution, it said, apparently disrupting a swath of tasks needed to run the college: email, payroll, tuition payments, class scheduling, summer course assignments, its virtual private network, and more.

To continue reading for FREE, please sign in.

Sign In

Or subscribe now to read with unlimited access for as low as $10/month.

Don’t have an account? Sign up now.

A free account provides you access to a limited number of free articles each month, plus newsletters, job postings, salary data, and exclusive store discounts.

Sign Up

The campus of the Stevens Institute of Technology
The campus of the Stevens Institute of TechnologySharkface217, Wikimedia Commons

A debilitating malware attack has forced a college known for “powerhouse” cybersecurity programs to shut down all its systems, just as it prepares for the fall semester.

On August 8 the Stevens Institute of Technology noticed “system-access issues” and alerted users to what it later called a “very severe and sophisticated” cyberattack. The college disabled its systems and networks as a precaution, it said, apparently disrupting a swath of tasks needed to run the college: email, payroll, tuition payments, class scheduling, summer course assignments, its virtual private network, and more.

Stevens pushed back its deadline for tuition payments twice. It told student employees they had another week to clock their hours. It extended the summer term to August 25.

The college, a private research institution of about 7,000 graduate and undergraduate students in Hoboken, N.J., has said in updates on its website this week that it is making “very good progress.” Technicians have recently cleared more than 300 users for “critical” systems, the college said, and it expects to restore email this weekend.

A spokeswoman told The Chronicle that the college was still investigating, but it believes that the attack is “now contained” and has found no evidence that personal data have been exploited.

Experts warn that cyberattacks are a mounting threat to colleges, whose defenses lag behind. Last month the Education Department said hackers had reportedly targeted at least 62 colleges to create hundreds of fake accounts and potentially retrieve student records. (The department later said it had “not found any instances” of exploitation.) In March, The Wall Street Journal reported that Chinese hackers had targeted several prominent colleges in the United States to steal research for military use.

Stevens itself noted that it was “not alone in experiencing sophisticated malware attacks, which have been escalating in frequency and intensity worldwide.”

Colleges are racing to train enough experts in the field to stop those and other cyberattacks, which have threatened the country’s biggest companies, banks, and the U.S. government. Stevens, a member of the National Centers of Academic Excellence in Cyber Defense, a program run by the National Security Agency and the Department of Homeland Security, has previously billed itself as a leader in that effort.

Openness as Vulnerability

While it may be tempting to view that status as ironic in light of the hack, a college’s cybersecurity programs usually have “nothing to do with the operational security of the university IT system,” said Jonathan Katz, a professor of computer science at the University of Maryland at College Park and the director of the Maryland Cybersecurity Center.

ADVERTISEMENT

Stevens declined to specify details of the attack, citing “the ongoing forensic as well as law-enforcement investigation into the incident.”

“We look forward to welcoming all students to campus in the coming days,” the college said in an emailed statement. “Activities for new and returning student move-in and new-student orientation are proceeding as planned, and all students will have their schedules before their classes start.”

Since Wednesday the college has offered more details about its next steps and urged community members to reset their passwords and back up data.

The use of file-sharing systems like Google Drive and Dropbox “could be affected,” but the college expects to restore that soon. Data in other cloud-storage systems, such as Workday and Canvas, do not appear to be at risk, the college said.

ADVERTISEMENT

The attack appears to have targeted Windows systems. The college said mobile phones and Apple computers do not seem to have been threatened, though Windows tablets could have been.

Late Thursday night, the college said users could expect to hear by Friday or Saturday about how to get back onto email, Canvas, and Workday.

Colleges and universities have some challenges that maybe don’t exist as much in the corporate world.

“Colleges and universities have some challenges that maybe don’t exist as much in the corporate world,” Katz said. “Generally speaking, they like to be very open.” Nor do they usually have the sheer resources of an Equifax or a Capital One — two American companies that have been hit by major data breaches in recent years.

ADVERTISEMENT

But they should still follow best practices for cyberdefense, including two-factor authentication and regular updates of software, Katz said. They should also train users to resist “social engineering” attacks, like phishing attempts, that prey on human error.

Colleges may not view themselves as money pots for hackers, compared with other organizations, said Carl E. Landwehr, a research scientist at George Washington University’s Cyber Security and Privacy Research Institute. But they’re confronting their own susceptibility as targets rich with sensitive research and personal information.

The motives of Stevens’s hackers remain unclear. But colleges generally can offer “a source of ideas,” Landwehr said, “and I think they have to become more aware of that.”

Follow Steven Johnson on Twitter at @stetyjohn, or email him at steve.johnson@chronicle.com.

We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Tags
Teaching & Learning Finance & Operations Technology Innovation & Transformation
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
About the Author
Steven Johnson
Steven Johnson is an Indiana-born journalist who’s reported stories about business, culture, and education for The Chronicle of Higher Education, The Washington Post, and The Atlantic.
ADVERTISEMENT
ADVERTISEMENT

Related Content

At Least 62 Colleges Were Exploited by a Software Vulnerability. Here’s What You Need to Know.
Cybersecurity, Rising

More News

Black and white photo of the Morrill Hall building on the University of Minnesota campus with red covering one side.
Finance & operations
U. of Minnesota Tries to Soften the Blow of Tuition Hikes, Budget Cuts With Faculty Benefits
Photo illustration showing a figurine of a football player with a large price tag on it.
Athletics
Loans, Fees, and TV Money: Where Colleges Are Finding the Funds to Pay Athletes
Photo illustration of a donation jar turned on it's side, with coins spilling out.
Access & Affordability
Congressional Republicans Want to End Grad PLUS Loans. How Might It Affect Your Campus?
Florida Commissioner of Education Manny Diaz, Jr. delivers remarks during the State Board of Education meeting at Winter Park High School, Wednesday, March 27, 2024.
Executive Privilege
In Florida, University Presidents’ Pay Goes Up. Is Politics to Blame?

From The Review

A stack of coins falling over. Motion blur. Falling economy concept. Isolated on white.
The Review | Opinion
Will We Get a More Moderate Endowment Tax?
By Phillip Levine
Photo illustration of a classical column built of paper, with colored wires overtaking it like vines of ivy
The Review | Essay
The Latest Awful EdTech Buzzword: “Learnings”
By Kit Nicholls
William F. Buckley, Jr.
The Review | Interview
William F. Buckley Jr. and the Origins of the Battle Against ‘Woke’
By Evan Goldstein

Upcoming Events

Plain_Acuity_DurableSkills_VF.png
Why Employers Value ‘Durable’ Skills
Warwick_Leadership_Javi.png
University Transformation: A Global Leadership Perspective
Lead With Insight
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Virtual Events
    • Chronicle Store
    • Chronicle Intelligence
    • Jobs in Higher Education
    • Post a Job
  • Know The Chronicle
    • About Us
    • Vision, Mission, Values
    • DEI at The Chronicle
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Group and Institutional Access
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2025 The Chronicle of Higher Education
The Chronicle of Higher Education is academe’s most trusted resource for independent journalism, career development, and forward-looking intelligence. Our readers lead, teach, learn, and innovate with insights from The Chronicle.
Follow Us
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin