Sie sind hier: Startseite About Us News Potential data leak at universities

Potential data leak at universities

22.03.2020 01:21

The University of Freiburg was also affected by a software malfunction of the system developer of its Campus Management System

On the internet, there are reports of a potential data leak in University information systems. The University of Freiburg was also affected by this system malfunctions of the system developer. The old Campus Management System HIS-LSF (QIS-SOSPOS) was affected. In the report presented to us from March 17, 2020, there was talk about universities being vulnerable to attacks up to recently. We would like to take this opportunity to inform you on the situation at the University of Freiburg.

On March 6, 2020, one of the state universities discovered the intrinsic system error in the developer software. The developer was immediately notified. The University of Freiburg was infomred on March 6 as well and was involved in the examination process. There, we checked whether it was a local problem or general error in the system. Thereafter, the potentially affected Campus Management System HIS-LSF (QIS-SOSPOS) was taken off the grid and switched off completely. This made eventual access from foreign parties impossible.

The internal review showed that the system at the University of Freiburg was affected as well. The new Campus Management System HISinOne was not affected, since the database in question is basically deactivated. Nevertheless, the system was taken into count in all the measures.

On Monday, March 9, 2020, the system developer published security hotfixes. That day, after local tests and reviews, the LSF of the University of Freiburg was started up after the installation of the security hotfixes. By switching off the systems in question, the security gap was already closed on March 6.

The university has no reason to believe that there was any unauthorized access during the security leak. We assume that the secuirty leak was not detectable. Due to the assessement (from a data protection view) of the incident, the supervisory authority responsible, the state representative for data protection and freedom of information, was notified. We are still waiting for their feedback.

Should you have questions regarding this subject, please contact datenschutz@uni-freiburg.de. You can reach the university's representative for data protection here: datenschutzbeauftrager@uni-freiburg.de

Benutzerspezifische Werkzeuge