The personal data of tens of thousands of Eindhoven University of Technology students and employees were captured in a recent ransomware attack on the Dutch branch of German smart card specialist ID-ware.
In an email to about 21,000 students and employees, TU Eindhoven announced that personal data may have been leaked in the attack. This concerns students and employees who have printer and access passes for certain university buildings. The leaked information includes e-mail addresses, home addresses, names and places of residence. No photos of students or employees were captured, according to the report.
ID-ware hack larger than thought
The data breach at ID-ware is larger than initially thought. The initial statement suggested that the breach was limited to information of Dutch government ID card holders. The scale of the breach now appears to extend to information from TU Eindhoven. According to the smart card specialist, criminal group BlackCat (alias AHLPV) is believed to be behind the attack.
In a recent update on the hack discovered on September 17, ID-ware says it cannot comment on the impact on individual customers. However, the company did confirm that no members of the House of Representatives were involved in the breach. Furthermore, ID-ware said the breach will not allow unauthorized access to government buildings.
TU Eindhoven advises affected students and employees to be alert for suspicious emails and identity fraud in the coming period. Those affected can still continue to use their passes.