The cyberattack that targeted Munster Technological University (MTU) last February has so far cost the educational institution €3.5 million.
The university's annual report for 2022 outlined a number of measures it has taken to strengthen online security against any further cyberattacks.
As a result of the cyberattack, the TU Cork campus was closed temporarily following the “significant” IT breach and phone outages.
The Kerry campuses of MTU remained unaffected. As part of the cyberattack, a ransom had been demanded but MTU had “not engaged”.
Arising from the incident, MTU engaged in close contact with the National Cyber Security Centre, the Data Protection Commission, An Garda Síochána and other relevant stakeholders, including Government departments.
MTU was set up in 2021 and comprises the former Institute of Technology Tralee (ITT) and Cork Institute of Technology (CIT) and has a student body of 18,000.
The annual report said that "following a cyber attack in February 2023 a large body of work is underway across the MTU IT environment to best align IT systems with leading practices in relation to both IT security, environment recovery, and data integrity/monitoring”.
The report said "a series of systems and enhanced controls have been put in place”.
The university also "engaged the services of KPMG to review and implement many of these measures to-date”.
The report said the direct costs associated with the cyberattack currently stood at €3.5 million.
Separately, the report also discloses that weaknesses in relation to compliance with procurement rules and guidelines were identified and €2.7 million expenditure was incurred where the procedures employed did not comply with the guidelines.
The report said the main reasons for non-compliance were international student recruitment, outsourced course delivery and delays in capital projects due to Covid-19.
MTU recorded a surplus of €5.27 million in the 12 months to the end of August 2022. The university recorded income of €228.5 million and costs of €223.1 million.