Guest Post by Shanan Sorochynski

The afternoon of March 28 was not a super-happy-fun time for my department.

Instead of seeing the University homepage, visitors were greeted with a black screen that had the messages: “Hacked by SecurityBus,” and “Sorry Admin you’ve just been hacked.”

My first reaction was to check if the institution’s blog””the piece I manage””was still up.

It was.

The blog is set up on a server separate from the institution’s homepage, a precautionary measure that was implemented so that if the blog was ever hacked, the University website would be protected.

(Ironic, I know. Anyway…)

So, as far as Web presence went, we still had the blog and the official Facebook and Twitter accounts. Those last two are managed by Student Recruitment.

Throughout the incident no one had posted any comments or questions on the University’s Facebook account, and only one comment about the hacking appeared on the blog (which I’ll get to later).

Twitter was by far the busiest place.

My Tweetdeck has three columns dedicated to the University: “University of Regina,” “@UofRegina,” and “U of Regina.”

Within a few minutes of the site being down people were already tweeting screenshots of the hacker’s message, news of the hacking and asking questions.

This identified a tremendous gap.

Student Recruitment was not sure what (or if) they should be posting tweets about the incident. Crisis communication is not their role.

So after a quick phone call to them, I got admin access to the University’s Facebook account and established a plan for Twitter.

This was the first time social media had been on our department’s radar during a situation like this. Generally our eyes and ears are focused on traditional media (print, radio, television).

In the aftermath we might go to online news sites and read the comments. But that was it.

Now we do a bit of social media monitoring and have our own social media properties in play.

The benefit of having that instant feedback from the public is invaluable.

During the hacking incident students were tweeting and re-tweeting en masse: “I hope the @UofRegina releases a statement about what security hole the hackers abused. I’d like to know my financial information is safe.”

I was so grateful for that link to our stakeholders.

Because of those tweets and re-tweets we were able to focus on getting that specific piece of information they were looking for.

The blog was also useful.

The site was hacked at around 1 pm. The comment the blog received about the hacking showed up an hour after the site went down.

Again, my world being the cornucopia of irony that it is, the comment we received was in response to a post written by a member of the University’s Concert Choir.

They were planning a concert that dealt with the theme of wordplay,  “… and the humorous and heartbreaking circumstances that can be the result of miscommunication.”

Here is the comment:

Alex says:
March 28, 2011 at 2:07 pm

How about posting something about UofR’s site being hacked?

At this point our department was still trying to figure out what had happened and get a statement together. Close to an hour later the President sent the following to campus, which I posted in response to Alex on the blog:

YOURblog admin says:
March 28, 2011 at 2:52 pm


Here is what I know. A few minutes ago the President emailed the following to campus:

“The University of Regina’s web server is currently unavailable due to technical difficulties. Operations will resume as soon as Information Services staff address the issue, at which time another campus-wide notification will be sent. We appreciate your patience as this matter is resolved.”


It wasn’t much information. But I wanted Alex to know that we were listening.

I posted this in the comments section instead of creating a new post because the University, at this point, had not declared the hacking a full-out emergency. It was still trying to determine the scale and breadth of what this was.

Would the situation be remedied in an hour, two hours, twelve?

Here is the next comment I left:

YOURblog admin says:
March 28, 2011 at 5:30 pm


A media statement has just been released:

University of Regina website temporarily down

The University of Regina experienced an unauthorized intrusion to our main web server on Monday, March 28, 2011. Measures to address this situation were immediately instituted and as a result, the institutional website is currently unavailable and will likely not be fully restored today.

The University has made some essential web services available through a temporary website at for faculty, staff and students.

After an initial assessment, we believe that the institutional databases that house personnel and student records, including financial records, have not been affected. Information Services is taking necessary remedial action to have the website available as quickly as possible.

This media statement was released four-and-a-half hours after the site went down.

It is not a horrible response time.

But it is still four and a half hours students had an extra thing to worry about that wasn’t their papers, finals or how they were going to pay their rent that month.

The website was back online by 8 pm that evening.

As far as incidents go we were lucky. It happened on a Monday afternoon when the majority of the Communications team was present and at the ready; it lasted less than 8 hours and everyone’s information was safe.

But it did get the team to think about worst-case scenarios and what we can do to make our current crisis communication processes better.

How ready is your team for a crisis? What’s the plan if it happens on the weekend?

Shanan-SorochynskiShanan Sorochynski manages the University of Regina’s first official blog: YOURblog. Previous to this she was the managing editor of U of R Report, the University’s faculty and staff internal publication, and a print journalist in Manitoba.