In August 2021, a week before the start of the new school year, one of the Netherlands’ largest VET colleges, Regionaal Opleidingen Centrum (Regional Education Centre) ROC Mondriaan, fell victim to a ransomware attack. More than 20 000 students and 2 100 staff members lost access to several systems, applications and document files – a true disaster.

First priority: preventing disruption in education

Only 9 days before the start of the new school year, an IT staff member discovered the hack, yet the school managed to start lessons without any delay. A major challenge was organising the communication with students and staff members, as email and the intranet were no longer available. Instead, teachers used WhatsApp groups, private email addresses, and social media (Facebook, Instagram) to keep students and parents up to date.

Digital whiteboards were replaced by ‘old school’ whiteboards and flip charts, both in the classroom and at the school entrance to inform the students about schedules and classroom changes. Student administration was conducted on paper. By organising exams at other VET institutions, the study progress of exam classes managed to avoid disruption. Teachers are normally not expected to print school schedules, but when the question ‘Who has a printed version of the school schedule?’ was raised, unplanned printed versions received a warm welcome!

By December 2021, when the Netherlands went into a new lockdown due to COVID-19, systems for online education were operational again. In the meantime, thanks to the willingness of all involved, solutions had been found for almost all problems the school was faced with. One of the school directors considered this solution-oriented approach as being typical of VET.

Personal data

In the meantime, a specialised forensic bureau concluded that only a limited number of servers had been infected by the ransomware attack. The hackers did not get access to systems containing most personal data, like the human resources management (HRM) and student tracking systems. Nevertheless, some personal information that could lead to identity theft was stolen. The school decided to rebuild all systems rather than pay the hackers to regain access. Some stolen data ended up being published by the hackers on the internet, which caused students and staff members some concern. ROC Mondriaan set up a helpdesk for them offering psychological support when needed.

Lessons learned

In 2019, Maastricht University had already fallen victim to a ransomware attack. In response to an investigation following that hack, the minister for education announced in 2021 measures at national level, to improve cybersecurity in education. These measures include the connection of each institution to a 24/7 monitoring mechanism, and periodical external auditing of each institution. For ROC Mondriaan an important lesson learned was being transparent with students, personnel and the outside world about what had happened and what temporary solutions were found.

On the bright side

A positive side-effect for students was the free tea, coffee and hot chocolate, while the digital payment system was down. The hack offered ROC Mondriaan an opportunity to build a new, even better ICT infrastructure. By March 2022, the majority of the systems were running again, including the payment system for coffee machines – to the disappointment of some.

Keywords: access to education and training, education and training needs, information and communication technology, vocational education and training, human resources management

Read more

 

Please cite this news item as: ReferNet Netherlands; Cedefop (2022). Netherlands: Your school got hacked? ROC Mondriaan VET college has the answer.  National news on VET