Hackers who brought Eindhoven University of Technology’s systems to a standstill was able to operate undetected for five days before campus security intervened.

A report commissioned by the university found that the hackers were able to obtain wide-ranging access to its internal network and came close to stealing critical files that could have been used for a ransomware demand.

The report by security specialist firm Fox-IT said TU Eindhoven’s response was “exemplary” when it discovered the attack, but the incident exposed shortcomings in its digital security.

The university took its internal network offline during the night of January 11 and 12 after noticing suspicious activity, just as the hackers were attempting to take control of the network.

Its actions successfully prevented the attack, but students were locked out of their email and study materials, forcing the university to reschedule some exams.

VPN access

The hackers had gained access on January 6 by logging in to the university’s VPN network, which was not covered by multi-factor authentication (MFA).

MFA requires users to complete a second check after typing in their password which is often time-limited, making it harder for hackers to break in. TU Eindhoven had been due to install MFA on its vulnerable systems later in 2025.

The report also found that the internal system had previously been compromised and users told to change their passwords, but many of them had reverted to old passwords and not been blocked from doing so.

Fox-IT’s report said the university’s response should serve as a model for other institutions threatened with cyberattacks. “TU/e demonstrated exemplary incident response and crisis management, responding rapidly and effectively even during the challenging hours of a weekend night.”

Fox-IT was unable to identify the hackers, but said it was likely to be a ransomware group attempting to shut down or remove files and demand money to reinstate them.

Universities are popular targets for ransomware criminals. In 2020 Maastricht University reportedly paid several hundred thousands euros to a group that broke into its systems and locked away files on Christmas Eve.