Personal data of thousands of staff and students leaked

The personal data stolen during the hack of a German IT company also included that of staff and students at TU Eindhoven and HU University of Applied Sciences Utrecht. According to SURF, even more educational institutions were affected.

The company ID-ware, which was hacked in mid-September, creates and manages access passes for customers such as the Dutch Parliament, ministries and educational institutions. The hack resulted in the leak of pass holders’ data.

This week, it was announced that data of pass holders at HU University of Applied Sciences Utrecht and TU Eindhoven were leaked as well. In HU’s case, the breach mainly concerned employee data, while at TU Eindhoven, it also involved data of students. Data such as surnames, initials, home addresses and email addresses of 21,000 staff and students were stolen during the hack. Both institutions have reported the leak to the Dutch Data Protection Authority.

More institutions

The Netherlands Association of Universities of Applied Sciences and university association UNL do not know whether other institutions have been hit by the data breach. But SURF, the ICT association for education and research, has stated that several institutions have been affected. These could also include secondary vocational education schools. The spokesperson was unable to provide names or figures.

At the beginning of October, Minister for Digitalisation Van Huffelen reported that the access passes cannot be counterfeited using the hacked data. However, the data can be sold and used for phishing or spam.