Eindhoven University Overcomes Cyberattack with Swift Action
Eindhoven, Wednesday, 30 April 2025.
On January 11, 2025, Eindhoven University quickly shut down its networks during a cyberattack, demonstrating effective crisis management and reinforcing digital security measures.
Swift Detection and Response
The attack unfolded at 10:15 PM when René Wassink, head of infrastructure, platforms, and security at Library and Information Services (LIS), received alerts about suspicious system activity [1]. The university’s security team engaged in what Wassink described as a ‘battle with the intruders,’ leading to a critical decision to disconnect all network connections by 11:45 PM [1]. This decisive action proved crucial, as the university typically faces thousands of daily attack attempts [1].
Crisis Management and Coordination
The Central Crisis Team, under the leadership of Vice President Patrick Groothuis, mobilized immediately on January 12, 2025 [1]. A specialized team of approximately 25 IT experts from LIS conducted forensic investigations to assess potential damage and secure the systems [1]. The situation’s gravity is highlighted by the broader context of cybersecurity threats, as European organizations witnessed a 112% year-over-year increase in data extortion attacks [2].
Recovery and System Restoration
The university demonstrated remarkable efficiency in its recovery efforts, with 60 team members working intensively to restore and validate systems within a week of the attack [1]. The restoration process prioritized the education system, ensuring minimal disruption to academic activities. The university has implemented enhanced security measures, including a new VPN connection with multifactor authentication [1].
Future Security Measures
As part of its commitment to transparency and institutional learning, the university has commissioned external investigations by FOX-IT and COT, with reports expected by mid-May 2025 [1]. This incident occurs against a backdrop of increasing cyber threats, with global ransomware losses doubling to $42 billion in 2024 compared to 2021 levels [2]. Robert-Jan Smits, President of Eindhoven University of Technology, emphasized the broader implications, noting that ‘Attacks like SolarWinds and MOVEit proved one thing: you don’t have to be the target to suffer the damage’ [2].