Campus Alert Archive
UMass Lowell

Cybersecurity Incident Shuts Down Summer Classes at UMass Lowell for an Entire Week

MAinfrastructure failureadvisorymedium confidence
Confirmed Threat

On Tuesday, June 15, 2021, UMass Lowell took its website offline and isolated its computer network after detecting a possible cybersecurity incident, canceling all in-person and online summer classes and closing all business operations. The university confirmed the attack did not involve ransomware but suspended nearly all network communications as a precaution. Classes did not resume until the following week after a forensics firm, SecureWorks, helped root out malware and restore core academic systems.

Alerts
3
Response
Killed
0
Injured
0
Institution
University of Massachusetts Lowell
Public R2 · MA
~18,000 studentsUMass Lowell Emergency Notification
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstruction348 chars
UMass Lowell is currently experiencing a possible cybersecurity incident. As a precautionary measure, we have taken our website offline and isolated our computer network. All classes and business operations are canceled until further notice. We are working with a leading cyber forensics firm to identify and resolve the issue. Updates will follow.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The phrase 'possible cybersecurity incident' was deliberately vague; the university declined to confirm ransomware involvement for two days, leading to significant speculation.
Canceling both in-person and online classes simultaneously signaled that the learning management system (Blackboard) was among the compromised systems.
UPDATEEmail
Approximate reconstruction403 chars
Classes will not be held today as we continue to investigate and remediate the cybersecurity incident. The university has engaged SecureWorks, a leading cyber forensics firm, to assist. We have installed Red Cloak software to help detect and remove any malware. Our investigation so far indicates this is not a ransomware attack. Blackboard and Zoom remain unavailable. We will update you by end of day.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The specific naming of SecureWorks and its Red Cloak endpoint detection product was disclosed publicly, unusual for an institution managing an active incident.
The explicit denial of ransomware was a departure from the prior day's silence and likely intended to prevent enrollment and donor panic.
UPDATEEmail
Approximate reconstruction391 chars
We are beginning to restore campus systems. Some employees are able to access off-campus tools including email. The university will observe Juneteenth on Friday, June 18, meaning campus will remain closed that day. We expect to resume limited operations the following week. Priority is being given to restoring Blackboard, Zoom, and student registration systems. We appreciate your patience.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The Juneteenth closure extended the effective outage through the weekend, meaning students experienced roughly a full work-week without access to any online coursework.
The sequencing of restoration priorities -- Blackboard first, then registration -- reflects standard higher-ed continuity triage during a network incident.
Context

Background

The June 15, 2021 incident at UMass Lowell came during the summer session, affecting students mid-way through accelerated six-week courses. The university immediately took its website offline and isolated its network as a precautionary measure after detecting suspicious activity. All online and in-person classes were canceled for at least four days, an unusually long disruption for a cybersecurity incident that did not involve ransomware. UMass Lowell engaged SecureWorks and installed their Red Cloak endpoint detection software to identify and remove the threat. The university's spokeswoman confirmed on June 16 that the attack was not ransomware but gave no further details about the nature of the intrusion. Most systems prioritized for restoration were Blackboard and Zoom, reflecting how completely online instruction had been integrated by mid-2021. A Juneteenth campus closure on June 18 further delayed return to normal operations, with full connectivity not restored until the following week. The incident raised questions about why UMass Lowell, a public research university, lacked sufficient network segmentation to isolate a non-ransomware intrusion without shutting down the entire campus.
Analysis

Key Findings

All summer classes and business operations canceled on June 15, 2021 due to a cybersecurity incident.
Disruption lasted approximately four days, with Juneteenth closure on June 18 extending effective outage through the weekend.
University confirmed attack was not ransomware, but provided minimal technical details publicly.
SecureWorks and its Red Cloak endpoint detection software were engaged for remediation.
Outcome
The university restored systems in stages. Blackboard and Zoom were prioritized, with full network connectivity returning the following week. A Friday campus closure for Juneteenth extended the effective disruption through the weekend.
Provenance

Sources

  1. News
    University of Massachusetts Lowell cancels classes after possible cybersecurity incident -- NBC News
    nbcnews.com
  2. News
    UMass Lowell says it wasn't hit by ransomware, classes canceled again -- Boston.com
    boston.com
  3. News
    UMass Lowell cancels classes due to possible cyberattack -- EdScoop
    edscoop.com
  4. News
    UMass Lowell cancels classes for several days -- WWLP
    wwlp.com
Tags
cybersecuritynetwork-outageclasses-canceledinfrastructure-failuresummer-sessionmassachusetts2021
Added May 2026Updated May 2026Via ingestion