Canadian College Suspends Classes After Holiday Cyber Attack

Aurora College announced Sunday that it's canceling all in-person and online classes for the week of January 5-9 after discovering a cyber attack on its systems during the Christmas break. The announcement came just one day before students in Canada's Northwest Territories were scheduled to return from the holiday.

The college says its servers, e-learning platforms, email, self-service portal, and student application systems are all currently down and expected to remain offline through the week. So far, there's no evidence of ransomware deployment or data exfiltration, though the investigation continues.

Timeline of the Attack

The intrusion occurred sometime during the Christmas break while the college was closed. Staff discovered the compromise when they returned and have been working to purge malicious code and recover systems since then.

"The attack happened during the Christmas break and staff have been working towards remediation and recovery of the system and to purge any malicious code," the college said in its statement.

Students learned of the suspension via social media on Sunday evening, January 4—giving them less than 24 hours notice before classes were supposed to resume. The college's website and social media channels, hosted separately from internal systems, remained operational throughout.

What's Still Working

Despite the widespread system outages, Aurora College emphasized that faculty and staff will be on-site throughout the week. Students can reach them by phone or visit campuses in person for assistance.

The college is also contacting territorial government officials regarding student financial assistance to minimize impact on learners who may face hardship from the unexpected closure.

No Ransomware Detected Yet

The college's statement noted that "so far, no evidence of a data breach or ransomware has been detected." That phrasing leaves room for uncertainty—forensic investigations can take weeks to complete, and attackers sometimes stage data exfiltration before deploying ransomware or demanding payment.

Educational institutions have become prime targets for ransomware gangs in recent years. Schools typically have limited IT budgets, store sensitive student data, and face enormous pressure to restore operations quickly. Many have paid ransoms to recover systems, which encourages more attacks.

The timing of this attack mirrors a broader trend. Threat actors deliberately target organizations during holidays and weekends when security teams are understaffed and response times slow. The Christmas-to-New Year period represents the longest continuous holiday window in most Western countries.

Part of a Broader Pattern

Aurora College joins a growing list of Canadian educational institutions hit by cyber attacks. Over the past two years, school boards and colleges across Canada have suffered disruptive intrusions, including:

• Toronto District School Board faced a significant breach affecting student and staff data
• Memorial University of Newfoundland dealt with extended outages after a ransomware attack
• Lakehead University experienced system compromises requiring weeks of recovery

Canada's National Cyber Threat Assessment 2025-2026, published by the Canadian Centre for Cyber Security, specifically flagged educational institutions as high-risk targets. The report noted that schools hold valuable data, often lack resources for adequate defense, and can't afford extended downtime during academic terms.

What Students Should Do

Aurora College advises students to stay updated via its website and social media channels. Classes are expected to resume January 12 if remediation stays on schedule, though the college hasn't committed to a firm timeline.

Students concerned about personal data exposure should monitor for unusual activity—unexpected communications, unfamiliar account access, or suspicious financial transactions. If evidence of a data breach emerges later, the college will likely provide more specific guidance.

The broader lesson applies beyond Aurora College. Any organization closing for extended holidays should assume attackers are watching. Automated monitoring, off-hours alerting, and incident response plans that account for skeleton crews can help limit damage when attacks inevitably occur during these vulnerable windows.