Sorbonne University, one of France's most prestigious public universities, has been the target of a new cyberattack. In a statement, the university stated that a "security incident" has "damaged various digital tools.". Although the tools continue to function, the "information system is experiencing significant disruptions.".
More importantly, the attackers have managed to get hold of a mountain of sensitive data." Investigations conducted by the university, with the help of cybersecurity experts, show that the operation resulted in "the compromise of several categories of sensitive data.".
What sensitive data was compromised?
Among the compromised data are "professional email addresses, banking details, social security numbers" and information regarding the remuneration of university staff. According to an internal document consulted by Zataz, 32,000 people employed by Sorbonne University are affected by the data leak. The specialist blog reveals that the compromised information also includes contractual information, such as contract type, employment status, and possible sick leave, as well as IBAN numbers, proof of address, and employment documents.
The hackers got their hands on particularly sensitive information, such as employees' bank details. This data can lead to highly convincing phishing attacks or fraudulent withdrawals from their bank accounts. During several tests, 01net was able to prove that the theft of the IBAN could lead to fraudulent withdrawals from your account. Zataz indicates that the leak does not only affect current university employees. The stolen directory also contained sensitive information on people who had ceased to work at the Sorbonne. All employees or former employees should promptly change all their passwords and, as a precaution, notify their bank of a possible risk of fraud.
The university indicates that it has complied with the General Data Protection Regulation (GDPR), the 2018 law responsible for the protection of personal data of citizens of the European Union. It has notified all relevant authorities of the incident, namely the National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI). Furthermore, a complaint has been filed with law enforcement.
As researcher Clément Domingo points out, this is already the third cyberattack Sorbonne University has suffered. Hackers notably attacked the school's library in May 2023. Almost ten years earlier, a university website had been infiltrated by cybercriminals. It should also be remembered that the university has repeatedly suffered a wave of DDoS attacks.
Source: Sorbonne University
0 Comments