Half a million victims of college’s data breach

Half a million victims of college’s data breach

The University of Applied Sciences in Arnhem and Nijmegen (HAN) has almost completed its investigation into the data leak discovered on 1 September. A hacker obtained data on students, staff and other contacts of the university.

The investigation shows that the hacker gained access to one of the university’s servers via a web form. According to the University of Applied Sciences, most of the data stolen (at least 95 per cent) was general personal data such as name, address, place of residence, email address and telephone number. 

Social security number
Three percent of the cases (14,766 times) involved privacy-sensitive personal data. This included, for example, the Social Security Number (BSN) (407 times), functional limitations (2,087 times), the study delay of students (1,418 times) and their political preferences (152 times). Some of this data had already been on the hacked server since 2011. 

HAN apologises again and regrets not being able to prevent the data theft. Victims will be informed about the leak and given tips on how to minimise the risk of phishing. (HOP, JvE)