The Hacking of Munster Technological University

Last week, news broke of a significant data breach at Munster Technological University, Cork. The hack resulted in the university shutting their doors until Friday, 10th of February, and greatly impacted the students, staff and alumni of MTU. 

On the evening of February 6th, an email was sent to all Munster Technological University students stating that the university had a ‘significant IT breach’ that affected both online and telephone services, and that the university would be closed for a number of days.

While the situation is ongoing, many students struggle to adapt to post-hack MTU and search for information on the incident.

Who are Munster Technological University, Cork?

Munster Technological University, abbreviated to MTU, is a multi-campus technological university that aims to support and encourage the pursuit of learning across the country. 

According to MTU’s website, the University: “contributes to the region through the provision of academic programmes that support student development, and opportunities, education and research”. MTU has six campuses across Kerry and Cork, and their student body is growing significantly by the year. 

With a student population of 18,000 people, MTU is home to students of every nationality. The University is currently home to over 1,000 international students, coming from 125 different countries. 

• https://babylonradio.com/how-does-a-foreigner-easily-integrate-into-irish-society/

Eddie Scully, International Manager at MTU, says the University is a great place to make friends, play sports and join the various societies available to all students. MTU also offers study abroad opportunities as part of several courses available at the university, encouraging a well-rounded and globalized graduate.

• https://babylonradio.com/finding-accommodation-in-ireland-5-things-to-know/

How Did It Happen?

The university insists that the data breach was ‘detected at an early stage’ and that they were assessing the situation at hand. 

However, MTU did not disclose what data, if any, had been accessed during the breach, and remained closed until Friday, 10th of February. 

• /https://www.irishtimes.com/ireland/education/2023/02/09/mtu-cork-confirms-it-suffered-ransomware-cyber-attack-as-campus-remains-closed/

Upon the reopening of the university, the MTU Students Union stressed the importance of being vigilant for any unusual behavior following the data breach, including scam emails, calls, and texts. The Students Union released various posts via their social media platforms informing students of the signs of scam communication and encouraging students not to connect to the university WIFI, resulting in essential tools such as Canvas, an online learning platform for MTU, or Library Printing becoming unavailable. 

What is Hacking?

In order to fully discuss the data breach at Munster Technological University, we must examine what hacking actually is. 

Malwarebytes describes the act of hacking as “activities that seek to compromise digital devices, such as computers, smart phones, tablets, and even entire networks”. Hackers, those who are committing the hacking, are usually motivated to commit this act by financial gain, information gathering or protest. 

• https://www.malwarebytes.com/hacker#:~:text=Hacking%20refers%20to%20activities%20that,Cybersecurity%20Basics

However, not all hacking is done maliciously. 

There are some hackers who hack various databases and gather information for good, not evil. The practice is referred to as Ethical Hacking, with companies even paying hackers to breach their databases and improve the companies security. 

Examples of Ethical Hacking or hacking for the greater good include the activism group, Anonymous, who have hacked various governments and government institutions to expose wrongdoing. 

Unfortunately, the hacking of MTU was not for the greater good. 

A data breach of the magnitude of MTU can have devastating consequences on companies and institutions. As well as having access to your name, address and phone number, hackers would also have access to your personal information, including PPS numbers, which would leave you open to a serious threat of identity theft. 

Munster Technological University was not the only institution impacted by hacking in recent years. 

In September 2021, the technology giant Apple was targeted by a spyware group called Pegasus who had infected iPhones and other Apple devices through a ‘zero click exploit’, giving Pegasus power over the users device. This breach forced Apple to re-evaluate its safety measures and patch up the problem.

Apple Data Breaches: Full Timeline Through 2022

However, Apple is not alone. A study done by Samsung suggests that six in ten Irish businesses have been victim to hacking in 2022 alone, with 20% experiencing data breaches and 17% experiencing phishing scams. 

The Response to the Hack

Some of MTU’s students were unhappy with the university’s approach to the data breach, with one student stating: “I don’t feel like the college gave us enough information on what was happening, or what data had been accessed. Even coming back to the college, we weren’t told to change any of our passwords, we can’t access the internet or canvas. I feel like I’ve really been left in the dark”. 

Who is Responsible?

The group that is thought to be responsible for the data breach of MTU are known as ALPHV, also known as BlackCat or Noberus, and are believed to be based in Russia or part of the former Soviet Union. 

While the reason for the hacking is unknown, many theories suggest that the hack was for financial gain, as the group sent a ransom note to MTU, demanding an undisclosed amount. Failure to pay the ransom would lead to the retrieved data being released to the dark web, resulting in threats of identity theft or fraudulent activity. 

• https://www.breakingnews.ie/ireland/munster-technological-university-working-with-gardai-after-cyberattack-1429808.html

The Aftermath

As stated, the data breach attack had a significant effect on Munster Technological University and their students. 

As a result of the attack, MTU, who are represented by Imogen McGrath SC, Stephen Walsh BL and instructed by Arthur Cox Solicitors, have gained an emergency temporary injunction preventing anyone who is currently in possession of the stolen data to release from publishing, making it publicly available or releasing any of the data. 

However, reports have recently surfaced that the stolen data from MTU has been released to the dark web. 

The university cannot confirm what personal data is available on the dark web, but has begun the process of contacting those affected by the breach.

MTU students are not the only one’s affected by the significant data breach. 

Seán Freeman, MTU Alumni, discloses that the data breach has severely impacted his current work: “ I need my transcript of grades from MTU so I can get into an online SEAI Training Course I’m doing with work, but can’t get it due to the hack and I don’t know when the service will be available again, and this could potentially mean that I will miss out on the course”. 

• https://www.cisecurity.org/insights/blog/how-youre-affected-by-data-breaches#:~:text=Breach%20impacts,identity%20monitoring%2C%20and%20so%20on.

An Ongoing Situation 

The situation of the data breach at Munster Technological University is ongoing, and has greatly impacted students, staff and Alumni at the University. 

The advice given by the university to those who have been impacted is to stay vigilant for scam emails, calls and texts, while the situation is still under investigation.