17 December 2025 - IT security Large-scale cyberattack repelled
A large-scale cyberattack aimed at bringing the university's IT services to a complete standstill was successfully repelled in time. After the advanced preparations for this attack were discovered, precautionary measures were immediately activated across the university to prevent further damage. Thanks to these measures, it was possible to continue to ensure the university's basic operations and ability to function.
Since then, a crisis team at the university computer center has been working closely with the relevant state authorities, in particular the Baden-Württemberg State Criminal Police Office under the technical direction of the Karlsruhe Public Prosecutor's Office, the Cybersecurity Agency (CSBW), and the bwInfoSec Federation, both on the ongoing defense against the attack and on IT forensics.
Extensive damage was prevented
In contrast to similar attacks on universities and colleges, the short-term, effective security measures ensured that Heidelberg University's central operations could be maintained. All IT services remained accessible, although some were only available via the university network or VPN. A complete shutdown of IT services or the complete disconnection of all services from the network was avoided. Targeted measures to harden Heidelberg University's IT systems have also been implemented in this context.
Availability of IT services
In particular, the measures of changing passwords and moving numerous IT services behind VPN have proven to be effective and appropriate.
It is foreseeable that some central services, such as the university's email service, will remain behind VPN. These measures will be maintained until at least the beginning of next year.
The IT services that are the responsibility of the faculties, facilities, and institutes will be gradually released for direct access from the Internet after thorough security checks. These checks focus not only on technical security measures, but also on the transparency of internal responsibilities. Complex issues will take a little more time.
If you notice any further functional limitations in the availability of your IT services that have not yet been reported to the URZ, please contact the relevant IT representatives to report them.
The IT service is also available digitally for technical support on weekdays from 9 a.m. to 1 p.m. during the Christmas holidays.
Outlook
In order to increase the university's digital resilience, the background to the events and possible medium- to long-term conclusions will be discussed as far as possible in the coming months as part of the review process, and potential measures will be derived.
