Justitiariat / Datenschutzbeauftragter
It was already communicated here that the University of Duisburg-Essen has become the target of a large-scale cyberattack. This supplementary information is intended to provide insights into the current situation.
Numerous systems that are integral to operations have not been available since the cyberattack. We are still currently assessing which systems can be restored in what way. The University of Duisburg-Essen’s network cannot currently be accessed from outside. This situation has now been going on for almost two weeks and it will certainly be a fairly long time yet in which improvements can only be made in individual steps.
Your access credentials in particular were targeted in this attack. Since no access credentials can be considered safe anymore, it cannot be ruled out that further data could be accessed by the attackers. As well as encrypting files, these attackers now frequently also steal data. It is not possible at the moment to determine if and to what extent this was the case during this attack. What we do know is that it is typically data whose value is immediately recognisable that is stolen. The objective of this is to extort UDE, thus the stolen data must be suitable for this purpose. Attackers will put a certain amount of effort into this. Due to the broad scope of the attack, it is not possible to make any specific statements about data that may have been stolen. We have not detected large-scale data transfers to date.
The way back to regular operations will be long and it is possible that specific and personal risks only become apparent as we progress. Only then will we be able to specify which countermeasures could be implemented at UDE or even by you personally.
It can be seen that UDE is working to restore operations from various angles. Of course, fair and pragmatic solutions will be made available to mitigate the consequences if data theft has actually occurred.
As things stand, it is initially absolutely necessary that passwords be changed at UDE. The old UDE password should no longer be used anywhere (not for services that are not run by UDE either).
As it cannot be ruled out that communication data has also been accessed, you should also proceed with caution in contact with others. It will be ensured that attackers will no longer be able to communicate immediately through UDE systems in future. However, it cannot be ruled out that they will attempt fraudulent actions using contents of messages that they already know. Therefore, there is a need for great caution.
Systems should currently be scanned for malware (using antivirus software) on a regular basis. For this purpose, a Sophos update server is now available internally once again. If malware is found or suspected, the system must necessarily be cleansed. If cleansing is not possible, the entire system must be reset. Please report such cases to email@example.com.
Current information on these issues can be found on the uni-due.org website. The Data Protection Officer will also do his best to answer your questions. He can be contacted at firstname.lastname@example.org. Please understand that answers have not yet been found to all questions and that some questions cannot be answered.