News
In July 2025, a wave of cyber incidents hit educational institutions across multiple continents, highlighting just how vulnerable the academic sector remains to digital threats. From Brazil to India, and from the United Kingdom to Singapore, universities are grappling with data breaches, website defacements, and phishing campaigns. These attacks not only disrupt academic operations but also compromise the personal data of thousands of students and staff. This month’s roundup explores major incidents that underscore the growing need for cybersecurity resilience in higher education.
Cyberattack Disrupts Federal University of Piauí, Brazil
On Saturday, July 12, a cyberattack disrupted several institutional services at the Federal University of Piauí (UFPI). The issue was first detected around 2:30 PM and persisted into Sunday, with system instabilities affecting key operations.
According to an official university statement, the Superintendence of Information Technology (STI) immediately launched diagnostic procedures. Early analysis revealed that some infrastructure servers had crashed due to memory overload. One critical database server had even reached full storage capacity, indicating a severe resource exhaustion.
More (in Portuguese): https://www.ufpi.br/ultimas-noticias-ufpi/1107-destaques-ufpi/62508-nota-informativa-instabilidade-nos-sistemas-sig-e-diagnostico-tecnico-em-andamento
Cyberattack on the website of a university in India
On Monday, July 8, the official website of Himachal Pradesh University was hacked and defaced with anti-India slogans and a disturbing image of the national flag being burned. The site was quickly taken offline for maintenance, but university officials have yet to file a formal complaint.
This cyber vandalism comes at a sensitive time, as students rely heavily on the university’s digital infrastructure for online counseling and administrative processes.
More: https://diarytimes.com/2025/07/08/himachal-university-website-hacked-pro-pakistan-slogans-displayed/
BYU-Pathway Data Incident – after cyberattack statement
Brigham Young University–Pathway Worldwide reported a significant data breach involving unauthorized access to a vendor’s account between June 17 and June 24, 2025. The breach affected the personal information of 25,136 individuals in the U.S.
Exposed data includes names, Social Security numbers (if provided), contact information, account IDs (excluding passwords), gender, marital status, religious affiliation, and academic records. On July 14, BYU-Pathway began notifying affected individuals. The breach was formally reported to Attorneys General in California, Massachusetts, Texas, and Maine.
More about the incident https://cybernews.com/privacy/byu-pathway-breach-exposes-student-data/
Legal Investigation: https://straussborrelli.com/2025/07/21/byu-pathway-worldwide-data-breach-investigation/ and here: https://databreachattorney.net/data-breach-alert-byu-pathway-worldwide/
The BYU-Pathway Worldwide published the Notice of Data Breach https://oag.ca.gov/system/files/2025%2007%2014%20US%20Student%20Notification%20Preview%20-%20BYU-Pathway_0.pdf and – on 14th July – the statement on their website: Statement and FAQ on BYU-Pathway Data Incident.
Phishing Scam Hits University of Hull, UK
A phishing attack targeted staff and students at the University of Hull, compromising 196 accounts. Fraudsters sent fake emails claiming that university accounts were about to be closed, prompting users to “verify” their credentials. Once compromised, the accounts were used to send out money transfer requests.
This incident underscores the ongoing threat posed by social engineering tactics, particularly in academic environments with high user turnover.
BBC article: https://www.bbc.com/news/articles/crl0lpjr8pzo
Singapore is on high alert over cybersecurity threats
Singapore's Minister for Home Affairs and National Security, K. Shanmugam, sounded the alarm at the 10th anniversary of the Cyber Security Agency of Singapore (CSA) on July 18. He warned of increasing threats from state-sponsored advanced persistent threat (APT) actors targeting national infrastructure, including educational institutions.
The country previously experienced notable university intrusions in 2017 involving the National University of Singapore (NUS) and Nanyang Technological University (NTU), and continues to reassess its digital supply chains in response to the evolving threat landscape.
More: https://en.vietnamplus.vn/singapore-on-high-alert-over-cybersecurity-threats-post323091.vnp