In a bizarre incident, to comply with the legal requirements imposed by the German National Research and Education Network (DFN), 38,000 students of Justus Liebig University (JLU) in Gießen, Germany, had to stand in queues to get new passwords post a massive cyber-attack which took down the University network on December 8, 2019.
The severity of the cyber-attack can be gauged from the fact that the entire IT and server infrastructure of the University had to be taken offline as soon as the attack was detected. Dr Joybrato Mukherjee, President of JLU Professors, noted that the incident was marked as “severe”.
In an open letter he stated that this incident also affected the examination administrative department. The University cannot provide its students degree certificates, transcripts or any exam certificates unless restoration of services is completed.
JLU authorities have distributed close to 1200 USB sticks loaded with anti-virus software to the professors, institutes, and departments within the University. This is the first wave of combing operations on part of JLU which scans for generic viruses. The second wave of scanning contains a search for specific type of cyber-attack which targeted the University network.
Meanwhile, the 38,000 students and staff of JLU were asked to stand in a queue with their ID cards and a personalized JLU chip card containing a photo to receive new passwords for their email accounts. This may seem a bit bizarre and old-school but JLU is a member of the German National Research and Education Network (DFN). To adhere to its regulations, the new passwords can only be issued personally as per legal guidelines of the DFN.
JLU has also formed a crisis management committee that has been working with the authorities and cybersecurity experts to establish the extent of the damage and restore online services at the earliest.
In a similar incident of cyber-attack and data breach, around 50,000 students in Australia using Get, an events-scheduling application, had their private data exposed online. The issue came into light after a user reported that he’s able to access other users’ information, including name, date of birth, email addresses, Facebook ID details, and phone numbers.