Data leak at HAN

Here we keep you up to date on the data leak at HAN.

Also read the frequently asked questions about the data leak. The FAQs are updated regularly based on the updates.

8 September Update: Wednesday

Yesterday we reported that the attacker claimed to have stolen passwords in the data leak on 1 September. As far as we know now, these are expired passwords. We have been able to identify who these passwords belong to. Today we sent an email to 4,300 people informing them about this.

The email contained the following text:
We regret to inform you that an analysis has shown that one or more of your passwords may have been stolen. These are passwords that you used for one of our online environments in the period before 2018. You may currently be using the same password for other purposes. Our advice is that you change your password(s). 

In our investigation yesterday, we focused specifically on identifying the leaked passwords. The investigation into the nature of other leaked personal data is still ongoing. As soon as we know more, we will inform those concerned.

7 September Update: Tuesday

Today HAN was contacted by a journalist claiming to have had contact with the attacker. 

The attacker says he has published the stolen data. We cannot yet confirm this, but it is in line with expectations.

The attacker has said he also found passwords. As far as we know, these are expired passwords. So it does not concern current data from a HAN account. The investigation is still ongoing and focuses on which personal data are involved and who they belong to. It is being conducted with great care, and that takes time. In the coming weeks we will directly inform the people affected. We’ll also advise them if they need to take any action.

5 September Update: Sunday

On 1 September, we discovered that data had come into the hands of third parties. We can now report that we’ve managed to resolve the vulnerability in our ICT environment. 

Data theft  
We took immediate measures on 1 September and also called in independent external experts. The investigation revealed that an external attacker had stolen data via one of our servers. This leak has now been fixed. The press has already reported that the attacker demanded a ransom for the data. HAN has refused to meet those demands. 

What kind of data is involved?
As far as we know, the leak concerns various data, such as details that could be entered on online forms via our website. That includes questions about degree programs and requests for general information, but sometimes also reasons for a degree preference or a request for support. It also includes personal data such as applicants’ names and e-mail addresses. The dataset also contains contact information for staff. It does not concern HAN login data or data from other systems like the student administration or staff and salary administration systems.

Informing those affected
As a precaution, we sent an initial message to all students and staff. We also posted a message on our website to inform other people directly involved. The investigation is still ongoing and focuses on which personal data are involved and who they belong to. It is being conducted with great care, and that takes time. In the coming weeks we will directly inform the people affected. We’ll also advise them if they need to take any action. 

Possible consequences 
The attacker could share the data with journalists, publish it on the Internet or try to sell it. Unfortunately, that is common in this type of situation and is difficult to prevent. As always, there is also the risk of phishing and spam. So we are once again warning everyone to be extra alert for this type of cybercrime. 

Finally 
We are in contact with the police and are reporting the incident. We are updating our report to the Data Protection Authority with what we know so far. We’ll post further updates at www.han.nl/datalek. 

Digital security is very important, certainly in education and research, and has our constant attention. We deeply regret that, despite these efforts, we were unable to prevent this incident. Our apologies for any inconvenience you may experience as a result of the situation. We are making every effort to continue to provide a safe online environment for everyone.

 

3 September 19:30 Update Friday evening

The investigation into the data leak is still ongoing. It is being conducted extensively and with great care. In the interest of the investigation, we cannot yet make any further announcements.

We understand there is media coverage and details of the leak can be read elsewhere. At this stage we cannot confirm or deny those reports. You can find up-to-date information on this site.

3 September: 09:00 Investigation in full swing

Behind the scenes we’re working hard to map out the impact of the data leak. We ask all staff and students to follow the updates here and to keep an eye on their mailbox. Also stay alert for phishing.
 

2 September: 14:00 Data leak at HAN

On 1 September, we received notification that personal data had come into the hands of third parties. HAN has taken immediate measures and has called in independent experts to investigate the exact impact. There is also contact with the High Tech Crime Team of the police and a report has been made to the Dutch Data Protection Authority. We will inform the people whose data is affected as soon as possible.
