In the aftermath of the cyberattack on the University of Duisburg-Essen (UDE) in late November, the criminal group responsible for the attack has now published data on the darknet. The University had refused to comply with the attackers’ demands and had not paid the ransom.
The University had shut down the entire IT infrastructure and disconnected it from the Internet immediately after the attack had been discovered. Thus, the criminal organisation could only get their hands on a small proportion of the data. UDE still takes the publication of this data on the darknet very seriously.
Data protection and securing personal data is of the highest priority to UDE. Therefore, all of UDE’s protective measures follow the standards issued by the Federal Office for Information Security (BSI) and the BSI’s IT-Grundschutz methodology. In order to ensure compliance with these standards, the experts at UDE also get support from companies specialising in such matters.
The fact that the attackers still managed to steal data and demand a ransom underlines this organisation’s highly professional approach and criminal resolve once again. And yet, the University of Duisburg-Essen will not engage in their digital extortion and will not facilitate any crimes. This approach is recommended by the Federal Criminal Police Office (BKA) and the Federal Office for Information Security (BSI).
Since the attack, UDE has been in close consultation with the responsible security and investigation authorities. In consultation with the data protection authorities, all necessary steps are being taken to keep the repercussions of the data being published to a minimum. The published data is now being analysed. If individuals or institutions are affected by the publication of their data, they will be informed as quickly as possible.
Please find information from the Federal Office for Information Security (BSI) on guidelines for affected individuals and preventive measures for individuals at: