Analysis: Dutch TU/e hack caused by known vulnerabilities and human error

The cyberattack on Eindhoven University of Technology (TU/e) in January shows the organization’s vulnerability to digital threats. The incident makes it clear that minor shortcomings can lead to major disruption.

A research report by Fox-IT shows that the attack was largely due to known vulnerabilities and human error. For example, multi-factor authentication was not yet mandatory for VPN access, although this was already planned. Access was also gained via accounts previously known to have been compromised. TU/e had asked users to change their passwords, but the system allowed them to simply reset to their old passwords. This was a missed opportunity to prevent the attack, with far-reaching consequences.

Entire network offline for a week

The attack was detected at the right moment, thanks in part to an alert IT employee and the SURFsoc service. In collaboration with FoxCERT, their rapid response led to the drastic but effective decision to take the entire network offline. This prevented the attackers from encrypting or exporting data, as is common in ransomware operations.

In hindsight, keeping TU/e offline for a week proved to be a necessary measure. It gave the organization the time and peace of mind to thoroughly investigate the incident, restore systems, and ensure that no backdoors had been left behind. Nevertheless, the damage is considerable. Students, lecturers, and researchers were without access to essential IT systems for a week.

Efficient criminal group

Fox-IT’s forensic investigation also shows that the attackers used standard tools and techniques. This points to an attacker of medium to low sophistication: not an advanced state hacker, but an efficiently organized criminal group. The attack could have been prevented with relatively simple measures.

The incident at TU/e exposes a fundamental problem in higher education: the balance between openness and security. Universities have a high degree of autonomy, a dynamic user base, and a culture that prioritizes collaboration and accessibility, making them particularly vulnerable. The question is whether institutions adequately defend themselves against such attacks.
