AALBORG OCTOBER 1, 2020
After the hacker attack at Aalborg University, the subsequent analyses have now been completed. There is still no evidence that IT criminals intended to collect personal data but instead had financial blackmailing as a motive. A fast and extensive reaction by the university halted the attack and limited the impact on the university, our staff, and students.
Since Aalborg University on the 4th of August closed the access to all IT systems, the university has carried out in-depth analyses and continuously informed about its results to the Danish Data Protection Agency, the public, and affected users whose data was compromised. The analyses are now complete.
A quick response, along with the advice of top experts concerning the hacker attack, has apparently averted any major damages.
- ”The hacker attack has made us pay even more attention to security. It should not be able to happen again. Therefore, Aalborg University's students and employees have made new and stronger passwords. In addition, technical measures have been implemented, which both ensure better protection against similar attacks in the future and also provide a better opportunity to identify future attempts to compromise Aalborg University's systems.”, says University Director Antonino Castrone.
Personal data collection was not the motive
Aalborg University still has no reason to believe that the purpose of the attack was to collect personal data. The investigations into the hacker attack show that the attackers have used methods, hacker activities, and tools known from targeted ransomware attacks for financial extortion. Aalborg University has informed those whose personal data information has been compromised, just as the hacker attack has been reported to the Danish Data Protection Agency and reported to the police.
Based on the completed investigation, it can be concluded that the IT criminals have accessed the following areas where personal data have been available:
- Aalborg University’s user database (Active Directory) with all Windows accounts (30,907 accounts). Only general personal data was accessible from the user database. Here you can read about the definition of personal data.
- For 823 employees in Aalborg University's user database (Active Directory), the IT criminals have also copied current and up to 24 previously used password hashes per user account. Here you can read about password hashes.
- 5 system administrators' user accounts and the contents of their associated email accounts. The assessment is that the IT criminals have thus tried to gain knowledge of the university's IT infrastructure. This included access to the system administrators' own and close colleagues' notifications of illness (For example: "I am sick with influenza, so I am not coming to work today").
- An xml file created in 2015 in the Budget System Prophix, which contains general personal data of 28 employees and former employees of Aalborg University.
- An SQL query from spring 2020, in which there was general personal data about 202 employees at Aalborg University consisting of names, initials, work emails, and usernames.
- Finally, the IT criminals have gained access to 10 user accounts. The investigations show that IT criminals have only used these user accounts to access the AAU network.
-”Of course, we take it very seriously when personal data comes into the hands of unauthorized persons, but having said that, we are also very relieved that our processes and monitoring have worked in such a way that we could detect the illicit intrusion early and thus avert a major crash.”, says University Director Antonino Castrone.
Aalborg University considers it relevant to point out that the IT criminals have not gained access to research data at Aalborg University.
Aalborg University has completed the analysis work in relation to the hacker attack, and the university's final conclusion has now been reported to the Danish Data Protection Agency.
For more information see www.its.aau.dk/beredskab
Further information: Chief Advisor Bo Jeppesen, tel. 6140 4061