Data from 21,000 TU Eindhoven students & employees stolen in hack
The data from 21,000 university pass holders at TU Eindhoven was stolen as the result of a hack that breached IT supplier ID-Ware. A spokesperson for the university confirmed reporting about the incident by RTL Nieuws on Thursday.
ID-Ware is the supplier of the TU Eindhoven campus card system. Pass holders can use it primarily to gain access to buildings.
The data about the pass holders that was stored varied from person to person, according to the university. This may include their personal university identification number, initials, surname, address, city of residence, student number, place of birth, and an alternative private address. TU Eindhoven data has also been surfaced on the dark web, the university reported.
The university cautioned that the data can be misused, and affected persons can become the victims of identity fraud. They can also be approached as part of a phishing scam. The university therefore warned them not to open suspicious links. If they suspect identity fraud, they are advised to report this to the government's Centraal Meldpunt Identiteitsfraude, the reporting center for identity fraud.
RTL Nieuws reported that data from the employees of the Hogeschool Utrecht also ended up in the hands of the hackers. It was not clear whose data was taken, and how much information was stolen. An investigation must determine that a spokesperson for the school told RTL Nieuws.
ID-Ware claimed to have been the victim of a ransomware attack on Sunday, 18 September. This typically involves encrypting files that can only become available again once a ransom has been paid.
State Secretary Alexandra van Huffelen, who handles the Cabinet's digitalization portfolio, reported on 7 October that the hackers also looted the personal data of members of the Senate and Tweede Kamer, because ID-Ware also plays a role in the chip cards that give access to the parliamentary building and ministries. A day later, ID-Ware denied that data had been stolen.