FAQ cyberattack
General information | information for students | information for staff | research
Dernière mise à jour de la page : 16 septembre 2024 (see areas highlighted in grey)
An email messaging service for firstname.surname@universite-paris-saclay.fr addresses is available since the 30th August 2024 for all staff at Université Paris-Saclay, without any previous email archives at this stage.
On 6 September, students should have received an email to their personal email addresses with information on how to activate their university email address (firstname.surname@etu-upsaclay.fr). This email will allow students to use Microsoft Office online (Teams, Excel, Word, PowerPoint) and to access certain Université Paris-Saclay IT services. The university will only contact students via their @etu-upsaclay.fr. temporary email address.
Laboratory staff are requested, for the time being, to use another email address provided by one of the laboratory’s other institutional operators for all research-related correspondence, rather than the @universite-paris-saclay.fr email address.
To access your email account, you must first log off from your Microsoft account before going to https://hermes.universite-paris-saclay.fr and then follow various steps. To ensure that your access is secure, two-factor authentication has been introduced (including an SMS text message). Your local IT team will be able to help you if you require assistance.
General information
What happened on Sunday 11 August?
Université Paris-Saclay has fallen victim to a large-scale cyberattack that severely impacted its digital services, affecting all its internal servers. Several services, including email messaging, the intranet and shared applications are unavailable. Since that date, the IT department, supported by the French National Agency for the Security of Information Systems (ANSSI), have been working on gradually restoring these services.
Is the identity of the hackers known? Has Université Paris-Saclay reported the incident?
The identity of the hackers is not known at this time. In accordance with its principles and government directives, the university will not pay any ransom, given that such payment do not guarantee that IT services will be restored and only encourages cybercriminals to repeat their actions against public institutions.
The incident was reported on 20 August with the Departmental Gendarmerie of Palaiseau to ensure legal action follows this attack targeting a fundamental public service.
How is the situation being managed by the university?
Université Paris-Saclay has appealed to the French National Agency for the Security of Information Systems (ANSSI), in order to investigate the cyberattack, determine the affected scope, be supported in identifying the vulnerabilities that enabled this cyberattack, and have support in developing the appropriate technical response. A crisis unit was activated immediately after the incident occurred. This unit includes the university's president, Director General of Services, IT department and ANSSI. It decides the actions to be implemented, following ANSSI's recommendations.
What are the priorities of Université Paris-Saclay in response to this cyberattack?
The institution's priorities are to secure the university's information , and to gradually restore digital services. In particular, the restoration of a messaging service has been identified
as highly critical.
The website www.universite-paris-saclay.fr seems to have changed. Is it really a site managed by the university or a site created by hackers?
As the official website www.universite-paris-saclay.fr was affected by the attack, a temporary site has been launched by the university's services in order to ensure communication with staff and students over the coming days and weeks. The FAQ relating to the cyberattack will be regularly updated on this site. It is therefore recommended to check this website regularly, as well as the university's social media.
Is there a schedule for the restoration of the IT tools at Université Paris-Saclay?
It is still too early to establish a precise timeline for the restoration of digital services. However, this restoration will take place in stages, which will spread over several weeks to several months. The priorities have been set on
securing the IT infrastructure, reconstituting a centralised authentication service, and restoring messaging services.
Are the grandes écoles, associate institutions or research organisations of Université Paris-Saclay also affected by this cyberattack?
The central services of Université Paris-Saclay, its faculties, University technical institutes (IUT), Polytech Paris-Saclay and the Observatory of the sciences of the Universe (OSUPS), are affected by these disruptions. The authentication services of the grandes écoles (AgroParisTech, CentraleSupélec, ENS Paris-Saclay and Institut d’Optique Graduate School), associate institutions (UVSQ, université d’Évry), and research organisations are operating normally. Staff and students of these institutions have normal access to the services provided by their respective organisation. However, they currently cannot access certain digital services hosted by Université Paris-Saclay (such as the shared online space "Cirrus").
Information for students
Enrolment
See the page on the start of the academic year
International students
See the page on the start of the academic year
PhD candidates
See the page on the start of the academic year
Useful information
Accommodation, libraries, catering, student health, gap years, disabilities, social and financial support, civic service, associations, mentoring and student jobs…see the dedicated page.
Information for staff
IT Tools
Which IT tools do I currently have access to? Can I use them safely?
Office tools can be accessed from work computers but not all tools are up and running for the moment. Job-specific tools can be accessed in certain departments, faculties and institutes. The situation is currently being reviewed and managers and heads of departments will inform you whether these tools can be used or not. They should only be used in full compliance with the instructions provided by the IT department on IT security.
The restoration of applications and IT services, where possible, will take place at a later stage following an action plan which is currently being established.
Can I recover the data stored on servers and shared spaces?
The IT department (DSI), with the assistance of ANSSI, is currently analysing the situation to determine if the data stored on servers can or cannot be recovered. We will keep you informed.
Data stocked on shared drives (K, P and T) should be restored by the end of September, although we cannot yet 100% guarantee that all data will be fully recovered.
I still have access to some applications (e.g., Teams). Can I use them?
It is still possible to use certain applications if you have not been logged out and can still access them without logging out (you will not be able to reconnect afterwards). If files are currently accessible, consider saving them on your device. You will be able to reconnect once your professional email address has been reactivated.
Can I use the university’s wired network to access the Internet?
The wired internet network was reconnected on Thursday 29 August 2024.
IT security and best practices
Is there a potential leak of personal data? If so, what are the risks and how will I be informed?
A leak of data, whether personal or not, cannot currently be confirmed or denied. It is possible that some data may have been recovered by the hackers, without us being able to know the extent or nature. The IT Department (DSI) and ANSSI are working to identify any potential data breaches. A report has been filed with the French DPA (Cnil).
In this context, we recommend being even more vigilant and not responding to requests for confirmation/access to personal data without verifying the legitimacy of the requester (e.g., checking institutional email addresses).
Should I change my passwords?
As a precaution, it is recommended to change passwords for any sites and services you have accessed from your work computer or that use these passwords.
Human resources
Should I extend my leave or continue working from home given the situation?
The current situation does not require extending staff leave beyond the summer break. The possibility of working from home must be assessed by supervisors based on the current situation, the nature of the work, and any increased difficulties in performing tasks remotely due to the lack of certain IT tools.
Will payroll be processed normally?
Payroll for the month of August for staff employed by Université Paris-Saclay had been prepared before the attack, and was processed normally on Wednesday 28 August. A new payroll software will mean that following pays will also be processed normally. New recruitments, retirements and other payroll issues will all be taken into account as usual.
Given the context, can I assist services that need additional support?
From the very start, the entire university community has shown strong solidarity. This support is greatly appreciated. Do not hesitate to offer your assistance within your team. Your help and support will be welcome.
Will a psychological support unit be set up for staff who have lost significant amounts of work-related data?
The extent of the data loss is yet to be determined. A psychological support unit will be set up. Details will be given subsequently.
Administrative procedures
How to have documents signed by people with delegated authority for signing?
Hard-copy signature procedures using internal mail services can be used as usual in cases electronic signatures are not possible.
Libraries
You can find information regarding libraries on the useful information page
The validation of APC payments in journals published by Elsevier and Wiley will be processed by the Couperin consortium (automatic), until email messaging services are up and running again.
Occupational health
How can I contact the occupational health service at my faculty or institute?
The easiest solution is to telephone the occupational health service at your faculty or institute or go there directly.
N.B. For the Orsay Vallée campus, go to Building 452 or Building 336. For the Orsay-Gif Plateau campus, go to Building 640.
In case of an emergency outside of opening hours, contact the national emergency services (SAMU – 15 or 112)
Research
What precautions should be taken when exchanging sensitive research data?
Sensitive data should not be exchanged through emails, in the current situation as in everyday practice. Sending links to content is to be preferred and established protocols must be followed for highly sensitive data.
Can I benefit from the services provided by the other supervisory bodies of my laboratory (e.g., CNRS, CEA)?
In a joint research unit, the services provided by the other supervisory bodies are still active and can therefore be used.