Skip to main content

Frequently Asked Questions

Frequently Asked Questions

Page last updated 16/02/2021, (previous update 04/11/2020)

What happened?

(Information added 07/09/20, last updated 16/02/21)

On Sunday 30 August 2020, we became aware that the University had suffered a serious cyber incident which caused operational disruption across our networks and IT systems. 

What did you do to fix it and how long did it take?

(Information added 07/09/20, last updated 16/02/21)

We invoked our full incident response plans on Sunday 30 August 2020. The incident management team worked to complete their assessment on the scope of the incident and to stabilise the situation, so as to be able to recover the University’s systems and services as safely as possible.

The aim was to do this as quickly as possible in order to minimise the impact on colleagues, our students, and our partners, but at the same time, as safely and securely as possible.

Initially, it was not possible to give a timeline for resolution.  We provided updates throughout the course of our ongoing investigation, and as soon as we had further information we could share, we provided an update.

If I lost my University email access, who did I need to contact?

(Information added 11/09/20, last updated 16/02/21)

Anyone who lost access to email was asked to contact NUIT by calling 0191 2085999 or by emailing it.servicedesk@ncl.ac.uk using the term “Account Reactivation” in the subject heading. NUIT colleagues advised on getting accounts safely reactivated.

Could the University still welcome students at the start of term?

(Information added 10/09/20, last updated 16/02/21)

Our semester commenced as planned on 28 September and we had business continuity arrangements in place to register our students.  Initially, we registered over 1,000 Medicine and Dentistry students who started with us.  We welcomed other students as planned.

Our teams worked extremely hard to ensure this group of young people - who had already been through so much over summer as a result of Covid – were able to start at Newcastle as planned.

What investigations were carried out into the cyber incident? 

(Information added 10/09/20, last updated 16/02/21)

The University has a large and extensive IT estate with many systems.  Each system was checked carefully and thoroughly to understand the extent of any damage and to preserve any evidence for the Police.  We were as open as we could be during this phase with both our staff and students, without risking compromising or delaying the investigation. We apologise for the disruption this caused to our staff, students and partners.  Our IT colleagues worked hard on the systems recovery plan, and to support the Police and the National Crime Agency with their enquiries.

How does the University record and collect account information for staff and students, such as passwords? 

(Information added 10/09/20, last updated 16/02/21)

The University uses industry-standard tools and processes to record and protect account information and, in particular, passwords.  We follow NCSC guidance on password practices. 

Was my research safe? 

(Information added 07/09/20, last updated 16/02/21)

We took steps to secure and protect data stored on NUIT-managed systems.

This did not include any data stored locally or on faculty managed servers. Individuals who maintain their own local systems were advised to make appropriate checks and seek advice from NUIT if they were unsure.

Were my bank details safe? 

(Information added 07/09/20, last updated 16/02/21)

We found no evidence that payroll data had been compromised and the University online payment system had not been impacted by the IT incident. 

Our online payments portal is managed off-site by our payment services provider and is not held on Newcastle University servers. 

Newcastle University, along with our Payment Services provider, adheres to a set of strict industry standards meaning we are compliant in our payment processing and your card details are protected and safe.

If you wish to make a payment, you can do so securely by debit/credit card at https://payments.ncl.ac.uk/

Were colleagues paid on time?

(Information added 11/09/20, last updated 16/02/21)

We accelerated some of our processes so we could be confident that colleagues were all paid on time.

Which services could I still use?

(Information added 11/09/20, last updated 16/02/21)

The vast majority of colleagues had IT and email access and were able to do their normal job.  In addition:

  • Office365 including email, Zoom and Teams were working well and our meetings and communications were working normally.
  • Canvas, our new VLE, was working.
  • The Philip Robinson Library was open for “Click and Collect” and the Marjorie Robinson Library Rooms were open for pre-booked study space. The service for both of these was working normally.
  • Our student payment gateway was working and we were guiding self-funding students to correctly access the service.
  • Purchase orders were being issued, bills and expense claims were being paid, student payments were made on time in September and tuition fees and other payments were collected.
  • Our recruitment system was working and we were able to handle the vast majority of colleague queries.
  • Research proposals were being costed using workaround processes and costing templates
  • Student services were available as normal for remote access and we progressed plans for the reopening of campus-based facilities
  • Business Warehouse was working and we could produce management information on relevant activities.

Was my personal information compromised?

(Information added 04/11/20, last updated 16/02/21)

From the investigation, we found that some personal data affecting staff and students had been made publicly available.

This data was from the Global Address List on the Outlook email system, some of which was available on the University’s external websites, and contained:

First name
Last name
User ID (e.g. nxx12)
Job title (for staff)
Department/Unit/School
University landline phone number (for staff)
A version of your University email address

In addition, for students it included:
Course studying and UCAS course number

The University is continuing to investigate the cyber-incident and it is not yet possible to provide further information.

Please be assured that the University uses industry-standard tools and processes to record and protect account information, including passwords. Newcastle University takes the security of our systems extremely seriously and this remains the subject of a Law Enforcement investigation. Our team in NUIT is working with these agencies to address the issue.

Which email address version has been extracted from the Global Address List (GAL)?

(Information added 04/11/20, last updated 16/02/21)

The extract contained a partial internal representation of the X.500 version of the email address and not the more commonly recognisable ‘friendly’ combination of initials and last name eg. A.N.Other2@newcastle.ac.uk or the SMTP version.

Was any of my saved work lost?

(Information added 07/09/20, last updated 16/02/21)

The University continues to investigate the cyber incident.  It was possible any changes to data made on Saturday 29th and Sunday 30th August 2020 may not have been saved so we advised colleagues to check this. 

How long did you estimate it would take to fully restore access to the systems?

(Information added 07/09/20, last updated 16/02/21)

We made progress with the technical work to assess the full extent of what happened and to restore full service. We said from the start, this would take some time to fix and we prepared for further unexpected disruption to services for several weeks.

Did NUIT handle the system restoration?

(Information added 07/09/20, last updated 16/02/21)

We needed assistance from system users in some cases and we made contact (if this was the case) via the Faculty IT managers.

What were the implications for my relationship with external partners?

(Information added 07/09/20, last updated 16/02/21)

A statement was published for our external partners at www.ncl.ac.uk/itservice/latest-news/partners-alumni-updates/ 

Did colleagues and students need to reset passwords?

(Information added 07/09/20, last updated 16/02/21)

We worked through recommendations from both our internal support teams and third parties.  We assessed the need to reset all NU user accounts but asked users not to do this until they were notified.

Were the systems accessible from campus?

(Information added 07/09/20, last updated 16/02/21)

Access was the same on-campus and off-campus.  We let users know, with as much notice as possible, if this needed to change.

How did this affect the start of term (both staff and students)?

(Information added 07/09/20, last updated 16/02/21)

The priority was to ensure materials were available for on-campus and on-line induction and on-line teaching ready for the start of the semester.  This meant developing new materials as a contingency should access to existing materials not be available.  All colleagues and students could access common Microsoft packages via their Office365 login at www.office.com.  When creating new materials we asked users to save items to their University OneDrive for Business so they could be uploaded into restored systems at a later date.

NUProjects

Last update 16/02/2021, (previous update 08/09/2020)

NUProjects was initially unavailable due to the cyber incident.

The following FAQs were posted on 08/09/2020 to support applications and awards for external funding:

How do I go about costing applications for external funding in the absence of NUProjects?

Alternative methods of costing and approving applications have been put in place in order to enable applications to continue to be prepared and submitted. Colleagues should liaise with the relevant Research Officer / Project Support Team in the normal way for the costing of research applications. For consultancy and CPD projects, you should liaise with the Commercial Projects team.

Application details will be retrospectively inputted into NUProjects when the system becomes available again.

I am the recipient of a research award and need the RES account to be set-up so that I can access the funding. Is this possible?

Yes. Alternative methods of setting up projects have been put in place however urgent cases will be prioritised e g where recruitment or a funder invoice is required. A copy of the award letter/contract will be required as normal. Similar alternative methods have also been put in place for consultancy and CPD projects which may require urgent account set-up.

The necessary data will be retrospectively inputted into NUProjects when the system becomes available again.

 

 

Page last updated 16/02/2021