Campus Alert Archive
UST

A Nine-Day Outage Knocked a Houston University Offline on the Eve of Fall Classes

TXinfrastructure failureadvisorymedium confidence
Confirmed Threat

The University of St. Thomas, a private Catholic university in Houston, took several systems offline on Tuesday, August 12, 2025 after an unauthorized party tried to access campus servers. The outage knocked out the university website, log-in system and financial-aid resources less than a week before fall classes began on August 18, and systems were only "gradually returning to normal" after a nine-day outage. A ransomware group later claimed to have stolen 1.8 terabytes of data.

Alerts
3
Response
Killed
Injured
Institution
University of St. Thomas
Private Masters · TX
~3,500 students
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTWebsite
Approximate reconstruction360 chars
The University of St. Thomas detected an attempt by an unauthorized party to access our systems. Out of caution, we proactively quarantined the affected servers. As a result, the university website, single sign-on, financial aid and other online resources may be temporarily unavailable. At this time we have found no evidence that information was compromised.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: the university said it proactively quarantined affected servers after an unauthorized access attempt and initially reported no evidence of compromised information.
The 'no evidence of compromise' framing was later overtaken by events, when a ransomware group claimed to have stolen 1.8 TB of data.
UPDATEWebsite
Approximate reconstruction321 chars
We continue working to safely restore our systems following the recent cybersecurity incident. Some services, including the website, log-in portal and financial aid, remain intermittently unavailable. Fall classes will begin as scheduled on Monday, Aug. 18. We appreciate your patience as our teams work around the clock.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: coverage emphasized that students could not access the website, single sign-on and financial-aid information as the August 18 start of fall classes approached.
The outage's collision with enrollment verification and financial aid is what made it operationally severe for a small university.
UPDATEWebsite
Approximate reconstruction266 chars
Our online systems are gradually returning to normal following the recent outage. You may still experience intermittent issues as restoration continues. We will provide further updates, including any findings from our ongoing investigation, as they become available.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: GovTech reported systems were 'gradually returning to normal' following a nine-day outage that prevented access by the first day of school.
This recovery notice is not an all-clear; the investigation later revealed a major data breach with files posted online.
Context

Background

The University of St. Thomas in Houston, a private Catholic university of about 3,500 students, took several systems offline on Tuesday, August 12, 2025 after detecting an unauthorized attempt to access its servers — the university said it proactively quarantined the affected machines. The timing was severe: the outage hit less than a week before fall classes began on August 18, leaving students unable to reach the website, single sign-on, and financial-aid resources during enrollment season. Systems were only gradually returning to normal after a nine-day outage. The incident later escalated into a major breach: a ransomware actor claimed to have exfiltrated 1.8 terabytes of data, and at least 630,000 UST files were posted online, prompting data-breach notifications and litigation. Reporting later suggested the university had brushed off earlier red flags. With its web and log-in systems offline, the university communicated the outage through whatever public channels remained available.
Analysis

Key Findings

A cyberattack took a private Houston university offline for roughly nine days right before fall classes began
The outage disabled the website, single sign-on and financial-aid resources during peak enrollment season
What began as a quarantined access attempt escalated into a breach with at least 630,000 files posted online
The incident illustrates how a 'no evidence of compromise' initial notice can be overtaken by later forensic findings
Outcome
Systems gradually returned over roughly nine days, but the incident escalated: a ransomware actor claimed credit and [at least 630,000 UST files were later posted online](https://abc13.com/post/university-st-thomas-releases-little-information-following-massive-data-breach-houston-chronicle/18007188/), prompting a data-breach notification and litigation.
Provenance

Sources

  1. News
    Cyber Attack Takes University of St. Thomas, Texas, Offline - GovTech
    govtech.com
  2. News
    Cyberattack leads university in St. Thomas, Texas, to go offline - EdScoop
    edscoop.com
  3. News
    University of St. Thomas, Texas, Still Recovering After 9-Day Outage - GovTech
    govtech.com
  4. News
    University of St. Thomas releases little information following massive data breach - ABC13 Houston
    abc13.com
  5. News
    St. Thomas Brushed Off Red Flags Before Dark-Web Data Dump - DataBreaches.Net
    databreaches.net
Tags
cyberattackransomwaredata-breachtexasprivate-catholicit-outageadvisory
Added May 2026Updated May 2026Via ingestion