University of Michigan internet still out, no details on security concern

• University of Michigan continues to restore online access after it shut down school internet services Sunday afternoon
• U-M has said little about the nature of the “significant security concern” that prompted the internet shut off
• One cybersecurity expert said there have been 56 ransomware incidents at postsecondary institutions in 2023

On Tuesday, the second day of fall classes, the University of Michigan Division of Public Safety and Security and federal law enforcement continued to investigate a “significant security concern” that prompted the university to cut off its internet services across its three campuses. 

As of Tuesday afternoon, university internet was still down, but administrators reported small gains. Students, staff and faculty can now authenticate their university accounts and access the university website when using off-campus or mobile internet, according to an update posted at 2:55 p.m. Tuesday. 

The university had also restored access to cloud services including Canvas, the learning management system that holds class syllabi and assignments. 

Thank you for your continued patience. Our team has made significant progress over the past 24 hours. All students, faculty, and staff can now authenticate into their U-M accounts and access https://t.co/e6gI8n3ToY when using off-campus or cellular networks. (1/3)

— UMich ITS (@umichTECH) August 29, 2023

A “significant security concern” had prompted the university to shut down its internet services Sunday afternoon, but U-M has released no details, saying that doing so “might compromise the investigation.” 

Officials Tuesday declined to answer whether the university suspects any data was stolen or whether the security concern was connected to a cyberattack to a third party vendor that affected the university’s hospital system earlier this year. They also declined to say whether the investigation was criminal in nature. 

Related:

• Student loan forgiveness could help 1.4 million in Michigan. What to know

• University of Michigan internet outage wreaks havoc on first day of class

• Graduate students settle strike at University of Michigan

In a message Tuesday afternoon, U-M President Santa Ono thanked students, faculty, staff, parents and visitors for their patience as the university works to “resolve this situation and restore access to online services and, ultimately, full internet access to our campus communities.” 

“While we will continue to share as much information as possible as this work progresses,” Ono wrote, “we are not able to share any information that might compromise the investigation. I appreciate your understanding as we move through the investigative process.”

A spokesperson for the FBI Detroit Field Office said she could not confirm nor deny if there was an FBI investigation but that the agency is “available to provide assistance to the University if and when it is requested.”

The U.S. Department of Homeland Security did not respond to an email requesting if the department was involved in investigating the security concern. 

Brett Callow, a threat analyst at global cybersecurity company Emsisoft, told Bridge Michigan he does not know what prompted the internet shutdown at U-M, but suspects the university detected a compromise in its network that “could, had it remained undetected, resulted in a ransomware attack.”

Ransomware attacks allow hackers to gain access to networks where, once inside, they can steal and then lock the computers that hold the stolen data. Then, the attackers request money in exchange for unlocking the computers and deleting the stolen data. 

College and university systems can be particularly challenging to secure because they are expected to be open to a wide group of people including staff, students and the community, Callow said. 

“They can't be locked down as tightly as, say, banks,” he said. “So yeah, security can be more challenging. Plus some educational institutions do have budgetary constraints.” 

Callow said there have been 56 postsecondary schools in the U.S. impacted by ransomware this year and at least 50 of those had data stolen. He said he does not know how many institutions paid money to retrieve that data and prevent the data from being released. 

UCLA was among dozens of institutions and companies that had data stolen during a cyberattack in June. 

As of 3:50 p.m. Tuesday, the university’s Ann Arbor campus website had a message at the top of its front page directing people to its website and Twitter for updates. 

“The team, working around the clock, is making strong progress,” the message reads. “We will have several more systems back online today.”