The log-in details of university staff members were temporarily available for everyone to view on one of Elsevier’s servers. It is still unclear how many accounts have been affected by this breach and how long the log-in details stayed up. On Monday, Elsevier announced that the issue had since been resolved.

In response to the reports, Domingus examined whether any log-in information of EUR staff members and students had been accessible to third parties during the breach. This turned out not to be the case. As a rule, the University Library does not share any personal data with Elsevier.

open access

Read more

Login details exposed online due to Elsevier data breach

Login information belonging to an undetermined number of university accounts was temporari

Pseudonimised identifier

For example, students and staff members who want to read an article published in an Elsevier journal actually log in via the University Library. And when EUR shares data with the Elsevier environment, the university uses a ‘pseudonimised identifier’, according to Domingus. This means that every session uses a new combination of unique, random data, which Elsevier can only trace back to Erasmus University – not to a specific student or staff member.

Incidentally, the university is able to check who logs in via the University Library. And there are a number of situations in which it also refers to this information, explains Domingus: when lending a physical copy of a book, for example, or to send out reminders when a publication isn’t returned on time. It also allows the university to check which journals are read by the users – to determine which subscriptions the library should take out, for example.