HAW Hamburg falls victim to a cyber attack

The Hamburg University of Applied Sciences fell victim to a serious cyber attack at the turn of the year. The IT services and the internal processes of the university are restricted.


Universities and other educational institutions are a popular target for cyberattacks around the world. This is proven by a listing of KonBriefing Research for the years 2021 and 2022. According to the security researchers, universities usually communicate very openly when they have been hit by a cyber attack – also because a large number of students are usually affected. The number of unreported cases in this area is therefore likely to be relatively small – unlike in the case of companies, which often conceal cyber attacks in order to avoid PR scandals. The youngest victim in this listing, the Hamburg University of Applied Sciences (HAW), was attacked on December 29, 2022.


Cyber attack sequence

According to a message from HAW Hamburg, the attackers are said to have started their access from a decentralized IT system . From there they are said to have penetrated further into the university’s systems until they were finally there with admin rights on the central storage systems. This allowed them to start encrypting virtualized platforms and deleting backups. It is highly probable that the attack also leaked personal data from students. The HAW states that it is working through the incident with an IT crisis management team and an external service provider.


Procedure of HAW Hamburg

In order to avoid further damage, the entire communication infrastructure was shut down as a precaution, as the HAW explained in its statement. Of course, this results in drastic restrictions on critical IT services that affect the entire university and all of its areas. When which IT services will be available again is currently not foreseeable, as the damage assessment is still ongoing.

The university’s web team also announced that they are working to restore particularly important services such as the central identity management system as quickly as possible. In addition, they want to check HAW computers for compromise before they are used again.

Since the students are unable to access exam preparation and other services as a result of the cyber attack, the university has decided to initially extend the deadlines for homework by three weeks. It is also currently not possible to register for or de-register for exams – appearing for the exam itself is therefore counted as registration, a separate de-registration is not necessary.