Hacker attack against the University
During the summer, the University was targeted by a hacker attack. Information from two of the University’s IT systems for issue tracking and documentation has been shared on the internet. Steps have been taken to secure the University’s IT environment and individuals affected have been contacted.
The individuals affected are primarily employed at University IT Services. The affected systems are not designed to store account information or personal data, however, the leaked material includes first names, surnames and user names of other employees and students as well as a few people from outside the University. No sensitive personal data were leaked.
The attack was quickly traced to a hijacked user account, which was blocked. The university's IT environment was secured and access to the systems concerned was limited. The incident has been reported to the University’s data protection officer, the Swedish Civil Contingencies Agency and the police.
When and how will I find out whether my own data was leaked?
Analysis of the material is still in progress, but if any individual person turns out to have been more specifically affected, they will be contacted directly.
What can I do to protect my own data and other people’s data?
Good IT hygiene goes a long way. As always, it’s important to choose good passwords, update them regularly and manage them securely. Never share your passwords with anybody else. It’s also important to keep your computer and telephone updated with the latest software and be alert when clicking on links in email messages and on the Internet – do you know where they lead?
What is the University doing about the situation?
Work is being done to speed up planned security measures such as the introduction of multi-factor authentication requirements. Multi-factor authentication means that users have to use at least two different verification factors to log in to IT systems. A follow-up group will analyse further action to reduce the risk of similar intrusions in the future once the incident is closed and all material fully analysed.
I’ve heard the attack came from Russia. What does that mean?
Attempts at this type of intrusion occur every day and often from other countries. In this case it was a Russian computer and IP address that lay behind the intrusion, but nothing else about the incident relates specifically to Russia.