Cyber ​​attack closes 4 CEGEPs in Quebec and cancels courses and exams

A cyberattack has led to the suspension of classes and the cancellation of exams at four Cégep de Lanaudière campuses, affecting 7,000 students.

Classes were suspended late last week after an attack on the college network’s servers left the four schools deprived of Omnivox, the main digital platform used by staff and students.

The exact nature of this cyberattack has not been disclosed. However, various images, some pornographic in nature, were displayed on the Omnivox website when students logged into their accounts.

Classes at CEGEPs Lanaudière, L’Assomption, Joliette and Formation Continue are expected to remain suspended for the remainder of this week.

In a notice sent to students and staff last Sunday, management said it was forced to suspend classes at least until Tuesday so that a cybersecurity company could investigate the origin of the attack and, if possible, remediate the breach.

“The investigation is still ongoing. At the moment, experts do not suspect any data leak,” said Marilyn Sansregret, spokeswoman for the Cégep régional de Lanaudière.

On Tuesday evening, the students found out that classes would be suspended until at least Friday.

Sansregret said the IT department is working diligently to strengthen and secure computer systems, but it is still too early to resume normal operations.

“Management, hoping for a return to classes on May 13, promises a new update on Sunday evening,” she said.

Colleges and universities are regularly the target of cyber attacks. In spring 2022, Collège Montmorency in Laval had to suspend classes due to a data breach in its computer systems. This data was then published on the dark web.

Cégep de Saint-Félicien was also attacked in September 2020, as was Cégep de Jonquière in June 2021.

The Université du Québec à Trois-Rivières and Cégep de Trois-Rivières also had to suspend their computer activities in December 2021 due to security deficiencies.

Also in December 2021, the province was forced to shut down nearly 4,000 government websites due to a security flaw that allowed access without authentication.