Campus Alert Archive
U-M

Michigan Severs Itself from the Internet on the First Day of Classes

MIinfrastructure failureadvisorymedium confidence
Confirmed Threat

On Sunday, August 27, 2023, University of Michigan information security staff disconnected all three campuses from the internet at 1:45 PM EDT after detecting a 'significant security concern.' The shutdown extended into the first day of fall classes on Monday, August 28, affecting Ann Arbor and Dearborn but not Flint. Hackers had gained access to personal information of up to 230,000 students, employees, alumni, and patients between August 23-27.

Alerts
2
Response
min
Killed
0
Injured
0
Institution
University of Michigan
Public R1 · MI
~51,225 studentsU-M Emergency Alert
Confirmed Timeline

Alert Sequence

2 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstructionCNN — paraphrasing the U-M ITS notice posted Sunday afternoon562 chars
We have made the difficult decision to sever the university's ties to the internet. As a precautionary measure in response to a significant security concern, U-M ITS has disconnected the campus network from the internet, effective immediately. This affects access to the internet from U-M wired and wireless networks, including MWireless and MGuest, on the Ann Arbor, Dearborn and Flint campuses. Michigan Medicine clinical systems are not affected. We understand this is disruptive, especially as classes begin tomorrow. We will share updates as soon as we can.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The phrase 'difficult decision to sever the university's ties to the internet' was widely quoted because it sounded almost diplomatic — like the university was breaking off relations with a foreign power.
First-day-of-classes timing made this the most disruptive cyber incident in Big Ten history to that point. Reconstructed from press quotes.
UPDATEEmail+18h 15m
Approximate reconstructionBleepingComputer — quoting Monday morning U-M update488 chars
Internet access remains unavailable on the Ann Arbor and Dearborn campuses as the first day of fall classes begins. Wi-Fi, MCommunity, Canvas, Wolverine Access and most cloud services cannot be reached from on-campus networks. Faculty are asked to use flexibility with attendance and assignments today. The Flint campus is operating normally. Michigan Medicine clinical operations remain unaffected. We thank you for your patience as our information assurance teams work around the clock.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The detail that Flint was unaffected and Michigan Medicine kept running tells you which segments are network-segregated — the rest of the university apparently is not.
Reconstructed paraphrase from press accounts.
Context

Background

U-M's Information Assurance team detected suspicious activity on the campus network on Wednesday, August 23, 2023. Four days later — at 1:45 PM EDT on Sunday, August 27 — they took the extraordinary step of disconnecting the entire Ann Arbor, Dearborn, and Flint campus networks from the public internet. The blackout extended into the first day of fall semester classes on Monday, August 28, forcing professors to teach without Canvas, students to walk off-campus to use cellular data, and the financial aid office to delay disbursements. Two months later, the university disclosed that the unauthorized third party had accessed personal information for up to 230,000 individuals, including Social Security numbers, driver's license numbers, payment card numbers, and health records from University Health Service and the School of Dentistry. Michigan Medicine clinical systems were spared because they ran on a segregated network — a decision that paid for itself many times over during the incident.
Analysis

Key Findings

Suspicious activity detected August 23, 2023; campus disconnected from internet at 1:45 PM EDT on Sunday August 27, 2023.
Outage extended into the first day of fall classes (Monday August 28).
Up to 230,000 individuals had personal data accessed during August 23-27 access window.
Michigan Medicine and the Flint campus operated on segregated networks and were unaffected.
Outcome
Internet access was restored in stages, with connectivity fully restored on Wednesday, August 30, 2023. The breach exposed Social Security numbers, driver's license numbers, payment card numbers, and health information of up to 230,000 individuals.
Provenance

Sources

  1. News
    University of Michigan shuts down internet after cybersecurity incident — CNN
    cnn.com
  2. News
    U-M severs ties to internet after cyberattack — The Record
    therecord.media
  3. News
    University of Michigan shuts down network after cyberattack — BleepingComputer
    bleepingcomputer.com
  4. News
    Hackers gained access to up to 230,000 individuals — Detroit News
    eu.detroitnews.com
  5. Student Paper
    Social Security numbers compromised in UMich cyberattack — Michigan Daily
    michigandaily.com
Tags
cyber-attackdata-breachinfrastructure-failurenetwork-outagefirst-day-of-classesmichigan2023
Added May 2026Updated May 2026Via ingestion