IT Security Attack on Heidelberg University’s IT Infrastructure

The University Computing Centre (URZ) has implemented a number of targeted protective measures and a change of all passwords in response to preparations for a far-reaching attack on Heidelberg University’s IT infrastructure. The package of measures includes, among other things, migrating various digital services to protected areas. According to the URZ, these instruments have proven to be appropriate and effective since implementation began. 

While investigations are ongoing, the URZ crisis management team is working very closely with the relevant state authorities, especially the Baden-Württemberg State Criminal Police Office under the direction of the Karlsruhe Public Prosecutor’s Office. The Baden-Württemberg State Office for the Protection of the Constitution, the Baden-Württemberg Cybersecurity Agency, the State Data Protection Commissioner and the bwInfoSec university federation are also involved in this process.

The necessary security measures are affecting various digital services offered by Heidelberg University. For instance, email accounts as well as several websites and web applications are currently only available from within the university network or via VPN connection. The Computing Centre has expanded its support capacities in order to be able to assist university members with any problems they may encounter. User support provided by the IT Service, for instance, is currently also available on weekends.

The URZ crisis management team is working on establishing additional precautionary measures to restore access without a VPN connection for services that meet the required security standards. Regular operations can only resume fully once the official investigations have been concluded and the results are in. No further information can be provided at this time while investigations are ongoing.