Aalborg, 12 August 2020
Since Aalborg University shut down access to all its IT systems on Tuesday night in the face of a hacker attack, in-depth analysis has been done on more than 100 GB of log data from more than 500 systems. All indicators continue to point to the fact that no confidential, sensitive personal data or research data was leaked.
Aalborg University is nearly at the end of this extensive review. The analyses are part of the investigative work following a series of incidents that sounded the alarm at the university’s IT department. For security reasons, Aalborg University quickly took action and shut down access to IT systems. Analyses have shown that the series of seemingly one-off events were connected and that this was a sophisticated, targeted hacker attack. More specific information on how hackers accessed AAU systems is not being published at this time for security reasons as it could be used by others or the same people.
- Our method of IT security at AAU takes a better-safe-than-sorry approach. Therefore, when we find activity that does not immediately appear normal, we and our security firms put it under the magnifying glass. Our analyses quickly led us to close off the Internet and we are now in the process of a controlled reopening of access to all systems. If at another time we find irregularities that, for security reasons, make it appropriate to interrupt system contact to the outside world via the Internet or that we need to have even more complex passwords, we will also not hesitate to take such decisions, says Antonino Castrone, University Director.
Opening access to IT systems is taking place in a controlled manner according to a step-by-step plan, and all staff and students are in the process of changing their password in order to access the systems again. Aalborg University is therefore in control of the systems, but continues to work on the final part of the analysis and investigation.
- We are well along in the process of access to most systems again. Our analyses show that no data – neither sensitive personal data nor research data – was compromised. We have, of course, intensified our surveillance for now as we want to remain extra attentive. We had already launched a number of planned security projects before this incident, and of course we are also continuing these, says Antonino Castrone.
Aalborg University reported the incident to the police, and submitted a report to the Danish Data Protection Agency as required by law. The notification to the Danish Data Protection Agency, which was due soon after the attack was detected, states there is potentially a risk that the hackers had access to personal sensitive information and to research data. However, following the numerous analyses that Aalborg University has performed in recent days, there are no indications at this stage that any such leak took place. Information has also been provided to DKCERT, which also has contact with the Centre for Cybersecurity at the Danish Defence Intelligence Service. The security staff of the other Danish universities are also being regularly apprised of the situation in the interest of extra attention to similar irregularities in their own IT systems and thus rapid response.
Students and staff at Aalborg University will – continually and in line with the step-by-step opening of access to systems – see all functions in systems and services running again. The expectation is that everything will be operating normally before the beginning of the new academic year.
See additional information on aau.dk
Press Contact: Bo Jeppesen, Senior Advisor, Tel: 6140 4061