IT CRIMINALS HAD ACCESS TO A FEW USERS’ SENSITIVE INFORMATION

A quick reaction from Aalborg University (AAU) meant that only a few employees' sensitive personal data was compromised when IT criminals hacked into Aalborg University's IT system. This is the result of the investigation initiated by AAU immediately after the shutdown on August 4th. The compromised data concerns salary information of 28 employees or former employees, and passwords of 15 students and employees. Those affected are now being informed in a letter.

In addition, the university's investigation shows that about 30,000 users are affected by the incident, as the IT criminals have had access to the university's network and user database (Active Directory). The user database primarily shows general personal data, which is publicly available on Aalborg University's website. Additionally, it contains passwords in encrypted form (password hashes) and, for some users, mobile number for multifactor authentication.

Aalborg University is currently notifying everyone with a user profile in the university's user database whose general or sensitive personal data has been compromised.
 

PERSONAL DATA COLLECTION WAS NOT THE MOTIVE

It has been assessed that the intention of the illicit access was to gain access to the university's other IT systems, as well as to acquire knowledge of the university's IT infrastructure, to be able to blackmail the university with the threat of carrying out a targeted ransomware-attack, concluding that exporting personal data was not the motive behind the attack. This assessment is based on the methods, hacker activities, and tools used by the IT criminals in relation to the attack.
 

INCREASED SECURITY REQUIREMENTS

- Although personal data in itself does not appear to be the motive behind the attack, we obviously take it very seriously that IT criminals have had access to our network and the personal data of employees and students. We are glad that we discovered the attack this early so that only a few out of many users have had their sensitive personal data compromised. After the attack, we immediately closed access from and to the internet and then ensured that all users changed their password. We have increased monitoring on all systems, and we are proceeding with scheduled security measures, as well as following the controlled plan for a safe reopening of access to the IT systems. Specifically, from now on, both employees and students will meet increased security requirements for e.g. passwords and multifactor when they access and use IT systems at AAU, says University Director Antonio Castrone.
 

For further information, see en.its.aau.dk/alert

• Press Contact: Chief Advisor Bo Jeppesen, tel. 61404061