Things went wrong during the transition to a new administration system: on Monday, employees at Leiden University suddenly found themselves able to view the personal data of their colleagues, among others.
Names, home addresses, and sometimes even phone numbers… the personal data of everyone who had submitted an invoice to Leiden University was suddenly visible to all university employees, as discovered by the university magazine Mare. Private data belonging to various board members, deans, and the protected professor of law Afshin Ellian could also be accessed.
Transition to new computer system
The data breach occurred on Monday morning during the transition to a new computer system for financial and administrative matters. The IT department had already discovered it and the problem was resolved that same day, after a few hours. According to the law, the university is obliged to report the breach to the Dutch Data Protection Authority (AP).
A few weeks ago, the AP imposed a fine of €175,000 on the Arnhem and Nijmegen University of Applied Sciences for failing to adequately protect its employees’ data. Four years ago, a single vulnerability in the system led to the data of hundreds of thousands of people being exposed. In 2020, TU Delft suffered a data breach after an unencrypted laptop was stolen. (HOP, NB)
Comments are closed.