Personal data of students and staff leaked

Personal data of students and staff leaked

In the hack of a German IT company, personal data of students and employees of TU Eindhoven and Hogeschool Utrecht were captured. According to SURF, more educational institutions have been affected.

The company, ID-ware, which was hacked in mid-September, manufactures and manages access passes for the Senate and House of Representatives, ministries and educational institutions, among others. As a result, the data of pass holders became available to the public. In the case of Utrecht University of Applied Sciences (Hogeschool Utrecht), the data mainly concerned employees, but at TU Eindhoven also students’ personal data was compromised. The data stolen there included surnames, initials, home addresses and e-mail addresses of 21 thousand employees and students. Both institutions reported the leak to the Personal Data Authority. 

More institutions
It is not known to the Association of Universities of Applied Sciences and universities association UNL whether more institutions were affected by the data leak. But SURF, the ICT association for education and research, says several institutions have been affected. These could include vocational schools (mbo). The spokesperson could not mention names or numbers.

State secretary Van Huffelen reported in early October that access passes cannot be counterfeited with the hacked data. However, the data can be sold and used in phishing or spam schemes. (HOP, PvT)