Cyberattack expected to cost South East Technological University €2.3m

It left staff and students without internet access or access to internal emails
The cyberattack at South East Technological University's (SETU) Waterford campuses was first detected in November 2024. File photo

The cyberattack at South East Technological University's (SETU) Waterford campuses was first detected in November 2024. File photo

The bill from a cyberattack that caused significant disruption to South East Technological University's (SETU) Waterford campuses in 2024 is expected to top €2.3m.

According to SETU’s annual report, the direct costs associated with the cybersecurity incident that targeted the technological university’s IT systems currently stand at €1.9m.

The higher education institution also expects to incur further costs of up to €400,000 for replacing hardware that is no longer compatible with new end-to-end protection.

The cyberattack at SETU was first detected in November 2024, and left staff and students without internet access or access to internal emails. The attack became apparent as the campus was marking the conferring of students at the facility.

At the time, SETU said the incident was identified at “the earliest possible stage” and its IT team had moved swiftly to safeguard IT systems.

In a statement issued at the time, SETU said “there was no evidence to suggest that any data or information had been compromised”. In its latest annual report, the technological university said the incident caused some operational disruption.

It engaged an external security provider to investigate the incident, it added.

“Additional investigation is being undertaken by the National Cyber Security Centre (NCSC) and the university is also working with the Garda National Cyber Crime Bureau (GNCCB). 

"Review by external consultants as to the extent and cause of the incident has been carried out," it said, adding that the university is "taking steps to rebuild the network and strengthen the associated security systems".

SETU is not the first Irish educational institution to be hit with a cyberattack in recent years. A 2023 cyberattack at Munster Technological University (MTU) has cost the institution €4.2m in direct costs.

The university has also received Circuit Court legal proceedings from a data subject linked to the attack. As a result of the attack, MTU’s Cork campus was temporarily closed following the IT breach and phone outages.

A ransom was demanded, but MTU refused to engage. Since the attack, new systems and enhanced controls have been introduced, and KPMG has been engaged by MTU to review and implement measures.

Procurement breach

Separately, SETU's annual report also disclosed a procurement breach. 

Over several years, scrap metal, to the value of around €20,000, was disposed of without following university procedures, it noted.

The proceeds were then retained on a petty cash basis within the department and used to purchase small tools and equipment.

This was outside of normal procurement procedures.

Whistleblowers

Workers at SETU also submitted three protected disclosures, the annual report noted. 

One was deemed not to be a protected disclosure. Two matters remain under review.

SETU was formally established in 2022. It has campuses in Waterford, Carlow, Wexford, and Wicklow.

x

More in this section

Lunchtime News

Newsletter

Get a lunch briefing straight to your inbox at noon daily. Also be the first to know with our occasional Breaking News emails.

Cookie Policy Privacy Policy Brand Safety FAQ Help Contact Us Terms and Conditions

© Examiner Echo Group Limited