
BlackCat Hits the Nation's Largest HBCU on Spring Break Friday

NC · infrastructure failure · advisory · medium confidence
Confirmed Threat

The ALPHV/BlackCat ransomware group attacked North Carolina A&T — the largest HBCU in the United States — on Friday, March 17, 2023, the start of spring break. Single sign-on, Blackboard, VPN, Wi-Fi, Aggie Alert, and the Banner student-information system all went offline. BlackCat claimed to have exfiltrated 51 GB of data, including SSNs, financial-aid records, payroll files, and police-department records, and posted samples to its dark-web leak site on April 1, 2023.

Alerts: 3
Response: min
Killed: 0
Injured: 0

Institution
North Carolina Agricultural and Technical State University
HBCU · NC
~13,322 students · Aggie Alert

Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERT · multi-channel
AGGIE ALERT: A network outage is currently impacting N.C. A&T information technology services, including Wi-Fi, Blackboard, Banner, single sign-on, and email. Information Technology Services is investigating. Classes will continue as scheduled today. Faculty and students should use alternative arrangements as needed. Updates will follow.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Friday-morning timing on the last day before spring break is the recurring pattern for ransomware against US universities — IT staffing is lowest at the start of a holiday weekend.
Aggie Alert itself was affected later in the day; the very system used to send this message went offline soon after.

UPDATE · Email · +2d
N.C. A&T is responding to a network disruption that began Friday, March 17. Out of an abundance of caution, we have isolated affected systems. Single sign-on, Aggie Alert, Blackboard, the campus VPN, the Aggies portal, Banner, and the residence-hall Wi-Fi are currently unavailable. Email and Microsoft 365 services remain available for most users. Federal law enforcement has been notified and outside cybersecurity experts are assisting. We are not releasing further technical detail at this time to protect the investigation.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Listing of affected systems is unusually candid for a university notice — it signals that the campus knew Wi-Fi residents would notice immediately.
Phrase 'we are not releasing further technical detail' is the standard FBI-coordinated holding line.

UPDATE · Email · +15d
We are aware of reports that a threat actor has posted information online claiming to be from N.C. A&T. We are investigating these claims with our cybersecurity partners and federal law enforcement. If we determine that personal information has been impacted, we will notify affected individuals directly in accordance with state and federal law. Please do not click on any links from unknown sources purporting to provide access to this data.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

April Fools' Day timing was reportedly intentional on BlackCat's part — sample data appeared with the heading 'NCAT' on the gang's leak portal.
University still does not name ALPHV or BlackCat; that disclosure comes only in the May individual notifications.
Context

Background

N.C. A&T is the largest HBCU in the United States, with more than 13,000 students. On Friday, March 17, 2023 — the last day before spring break — the ALPHV/BlackCat ransomware group disabled core campus IT, including the Aggie Alert emergency-notification system itself. The university quickly isolated affected systems and brought in the FBI and outside incident-response firms. On April 1, 2023, BlackCat posted samples of 51 GB of stolen data on its dark-web leak site, including financial-aid forms, payroll spreadsheets, and police-department files. N.C. A&T notified affected individuals beginning in May. The incident became a focal point for HBCU cybersecurity advocacy: the United Negro College Fund and other groups cited it in 2023-2024 testimony pushing for federal cybersecurity grants targeted at minority-serving institutions, arguing that HBCUs face disproportionate ransomware targeting with disproportionately small security budgets.
Analysis

Key Findings

Attack hit on the Friday morning of spring break — the recurring 'low-staff Friday' pattern for ransomware against US universities.
Aggie Alert was itself among the systems taken offline, forcing communications through personal email and university social media.
BlackCat posted 51 GB of stolen data on April 1, 2023, including police-department records — a rare and sensitive category.
Incident drove federal advocacy for dedicated cybersecurity funding at HBCUs and other minority-serving institutions.
Outcome
N.C. A&T restored core academic services in time for the post-break return; Wi-Fi and SSO were intermittent for two weeks. Affected individuals were notified by mail beginning in May 2023 and offered credit monitoring. The university stated it did not pay the ransom.

Tags
cyberattack · ransomware · alphv · blackcat · hbcu · north-carolina · spring-break · alert-system-offline · data-breach · infrastructure-failure
Added May 2026 · Updated May 2026 · Via ingestion