U.Va. Responds to Cyber Attack on Portions of IT Systems

Thomas Jefferson Statue in front of the Rotunda

Aug. 16 UPDATE: U.Va. Completes Upgrades to IT Systems After Cyber Attack 

The University of Virginia announced today (Aug. 14) that it is responding to a cyber attack on portions of its information technology systems.

Federal authorities notified the University of a possible intrusion originating from China, and the University confirmed on June 11 that attackers illegally accessed portions of its systems. Upon becoming aware of the attack, the University engaged Mandiant, an internationally recognized cybersecurity firm, to immediately help the University investigate the nature of the attack and to take corrective action.

Officials said the investigation indicated that no personally identifiable information—such as Social Security numbers and banking information - or personal health information was accessed by the attackers.

There is also no evidence that sensitive research material was accessed.

The University is also working with federal authorities during the course of its investigation.

“The security of information and other data stored on University systems is a high priority, and we are working diligently to address this matter,” Executive Vice President and COO Patrick D. Hogan said. “The University is in the process of upgrading security systems to further strengthen the security of data and information stored on University resources and to help prevent future cyber attacks.”

The system security upgrade will begin at 5:00 p.m. ET on Friday, Aug. 14. The upgrade is anticipated to be completed by the evening of Sunday, Aug. 16. During this period of time, access to many University systems, including University email accounts, will not be possible.

The University is also requiring all users to change their Eservices login passwords after the system upgrade is complete.

The system upgrade will not affect the U.Va. Medical Center as its information technology resources are on a separate secured system that was not targeted by attackers, officials said. Patient services will not be affected, and U.Va. Health System employees will have access to their systems and Health System email accounts.

Hogan said the system upgrade is taking place over a weekend and prior to the return of students and faculty returning to Grounds for the start of the academic semester so as to minimize disruptions. First-year residence halls are scheduled to open on Aug. 21.

When the system upgrade is complete, an email message and text message will be sent via U.Va. Alerts to users who have registered for the text message service. The community can also check www.virginia.edu and its.virginia.edu to find answers to additional questions and to check the status of the system upgrade.

For technical questions related to the system upgrade or the password change, members of the University community affected by the system upgrade can call the U.Va. Help Desk for IT at 4-HELP (434-924-4357) or toll-free 866-469-4866. For general information about this incident, please call toll-free 877-939-6228.

“Cyber attacks and other information technology threats have grown rapidly in recent years. These attacks occur in many places, including institutions in the public and private sectors, government and institutions of higher education, and the attacks come in many different forms,” Hogan said in a message to the University community about the incident and the system upgrade. “We appreciate your cooperation, and more importantly your patience, as our dedicated teams of professionals work diligently to upgrade our systems and further enhance the University’s information technology infrastructure.”

Media Contact

Anthony P. de Bruyn

Office of University Communications