On the leakage of personal data in the cyber-attack against KTU on 8 December

Due to the attack on the information systems of Kaunas University of Technology on 8 December, when access to many systems was disrupted, an investigation of the incident was immediately initiated and system restoration works were started, the incident was reported to law enforcement and supervisory authorities.  

The internal investigation revealed that the incident resulted in unauthorised access to personal data and other information processed in the affected information systems.

The incident allowed malicious criminals to gain unauthorised access to the following data of the University employees: name, surname, personal identification number, residential address, telephone number, e-mail address, and licence plate number of personal cars.

Although information containing specific images of documents of members of the University community has appeared in the public domain, KTU assures that copies of these documents were not stored by the University in the information systems affected by the cyber-attack. Such information may have been lost from the affected workstations.

Breaching the confidentiality of this data may expose the University community to attempts to act on their behalf without their knowledge or consent, or even attempts to misappropriate their identities and intercept both their work and personal accounts. 

For these reasons, we have already pointed out to you:

• change their passwords for access to the University’s information systems;
• please pay close attention to the content of emails in your inbox and keep an eye on the activities taking place in the information systems;
• be extremely careful not to open obscure links or accept authentication messages or notifications on your phone that are not initiated by you;
• in the event of any suspicious activity, please change your login passwords immediately and report suspicious activity to your line manager and [email protected]
• we recommend that you change all personal passwords if they are the same as those you have used on KTU systems and use multi-factor authentication where possible (SMS or other email confirmations, biometric authentication on phones).

If you would like more information about your leaked data, please contact [email protected].

If you notice any computer malfunction or other anomalous expression, please notify us immediately by emailing [email protected].

The University is continuing to investigate this incident, cooperating with the State Data Protection Inspectorate and the police, and is gradually restoring all affected systems.

Additional security measures are being put in place and if you have any questions regarding your personal data, please contact the University’s Data Protection Officers, Privacy Partners UAB, j.a.k. 304846919, tel. +370 5 254 8240 or by e-mail: [email protected] or [email protected].