Hackers might have gotten hold of sensitive information
The University of Reykjavík. mbl.is/Árni Sæberg
Computer hackers managed to download 185 gigabytes of data from the central drive of the University of Reykjavik (HR) in a computer attack at the beginning of the month.
The drive contains data such as investigative data, scores, disciplinary and pay issues, and there is a chance that the hackers have accessed it. This is stated in a statement from HR
The drive hosts 15 terabytes
The central drive of HR hosts about 15 terabytes of data or about 15,000 gigabytes, but the hackers managed to download 185 gigabytes.
Experts who have been working to assess the extent of the attack believe that it will not be possible to identify exactly which data were stolen, although the extent of these assets is known.
Sensitive materials stored on the drive
A considerable number of data stored in the drive concerns the school's former and current students, the school's staff, applicants for studies, and the work of outside parties who have been connected to the school's operations.
The announcement states that:
“The data stored in the drives in question contains information from HR operations, which the university processes according to the nature of the case, such as personnel matters, information about students, certain limited research data, operational and financial information, as well as other data that may be personal. This includes sensitive information, such as information about personal scores, disciplinary matters, and wages, and sensitive personal information within the meaning of the personal data protection law, such as information about trade union membership and health information sent to the university. However, it cannot be seen that the area of individual employees was accessed. It is also appropriate to note that HR’s psychological services data are not stored in the drives in question.”
HR notes that the list is not exhaustive.
The hacked information does not seem to have been misused
The announcement also states that there is no evidence that the thieves abused the information, but it cannot be excluded that it was copied or publicly disclosed.
