Hackers gained access on 10 November to Princeton University’s database, which contained the personal information of individuals connected to the institution — alumni, donors, and students. In October, similar breaches struck the University of Pennsylvania in Philadelphia and Harvard University in Cambridge.
These episodes are not isolated anomalies but part of a broader pattern. In recent years, attacks on universities worldwide have grown markedly more frequent. Each such incident entails not only the costs of investigation and system restoration, but also weeks — sometimes months — during which staff lose access to email, research services, and other digital tools essential to their work.
“The volume of cyberattacks is not decreasing,” says Harjinder Singh Lallie, a cybersecurity specialist at the University of Warwick in the UK. According to him, universities are attempting to strengthen their defences, but the measures are still insufficient — especially against attacks augmented by artificial intelligence. Such tools allow intruders to compromise systems faster and with far less effort.
Cybersecurity researcher Toby Murray of the University of Melbourne in Australia observes that in the current geopolitical climate, as competition between nation-states intensifies, universities remain particularly attractive targets. It is not always possible to determine where an attack originates, but some incidents are attributed to groups operating in the interest of governments. Ransomware is frequently used — encrypting data or locking systems until a ransom is paid.
Compared to corporations and government agencies, universities are more vulnerable for several reasons. They store large volumes of valuable information: personnel records, research results, intellectual property. At the same time, their infrastructure is complex and heterogeneous. A single campus may host outdated systems long overdue for updates alongside modern services used by thousands of students, staff, and external partners. This patchwork makes securing the environment significantly more challenging. “It will only get worse,” warns David Bato, security director at Jisc, the organisation responsible for digital infrastructure in UK higher education. “Prevention alone is no longer enough. The systems need resilience.”
A UK government survey conducted from August to December last year shows that educational institutions face cyber incidents more often than many other sectors. The report states that 91% of universities and 85% of further-education colleges were targeted at least once in the past 12 months. In Germany, security tests found serious vulnerabilities in roughly one in five research organisations, and 97% of university leaders themselves are considered at risk — often through phishing emails. “Hundreds of attack attempts occur every day,” says Maren Lübke, a consultant at the HIS institute in Hanover. “Most are successfully blocked, but the few that slip through can cause serious harm, particularly if they are not detected promptly.”
Artificial intelligence adds a new layer of concern. In November, according to Anthropic in San Francisco, a likely state-backed hacking group used its Claude Code tool to automate attacks on roughly 30 organisations. In several cases, the intruders succeeded. The UK’s National Cyber Security Centre has already warned that attackers are using AI to amplify their capabilities — automating vulnerability discovery and data extraction, among other tasks. Experts still debate how far cyberattacks can be automated, but it is clear that AI allows people to execute familiar techniques faster and with less effort. Bato believes the education and research sector has not yet witnessed the full extent of what AI enables in the hands of attackers, calling the potential damage “substantial.” According to UK forecasts, AI will almost certainly increase both the frequency and intensity of attacks.
Universities are already adopting basic defence measures: multi-factor authentication, cybersecurity awareness campaigns, and upgrades to key systems. Yet experts doubt these are sufficient in the face of emerging forms of attack. Bato argues that institutions must not defend themselves in isolation. They need to share information about incidents, monitoring tools, and elements of security infrastructure. “At this point, everything hinges on collective defence. Alone, it no longer works,” he concludes.