Regarding the breach of personal data security in the cyberattack on KTU on 8 December

 Due to the attack on the information systems of Kaunas University of Technology on 8 December, when access to many systems was disrupted, an investigation of the incident was immediately launched and restoration of the systems was started, and the incident was reported to law enforcement and supervisory authorities. 

An internal investigation has identified the likelihood of unauthorised access to personal data processed on the affected information systems. Based on the information currently available from the investigation, we can neither objectively confirm nor deny the fact of unauthorised access to personal data. 

The incident may have led to unauthorised access by malicious actors to personal data processed by the University as an employer and as a scientific and educational institution.

The University does not process data on health, racial or ethnic origin, political opinions and other sensitive, special categories of personal data. In all cases, personal data used by the University for research purposes, including data on specific health conditions, were immediately depersonalised in accordance with research ethics. 

The breach of confidentiality of these data may expose individuals whose data have been processed by the University in its information systems to attempts to act on their behalf without their knowledge or consent, or even to attempts to misappropriate their identities and to take over both their work and personal accounts.  

For these reasons, the University has already asked its users to change their passwords for access to the University’s information systems and to pay close attention to the content and content of emails in their inboxes and to be vigilant about the activities taking place in the information systems. 

The University also appeals to its former employees or former students to be extremely careful not to open obscure links or accept obscure or unsolicited authentication messages or notifications on your phone. In case of any suspicions, please change your login passwords on your personal systems immediately.  

The University is continuing to investigate this incident and is gradually restoring all affected systems. Additional security measures are being put in place rather than simply restoring the functionality of these systems. Immediately after the incident, the University notified the State Data Protection Inspectorate, the National Cyber Security Centre and the Lithuanian Police.  

If you have any questions regarding your personal data, please contact the University’s Data Protection Officers, Privacy Partners UAB, j.a.k. 304846919, tel. +370 5 254 8240 or by e-mail: duomenu.apsauga@ktu.lt or gdpr@privacypartners.lt .

Pranešimą paskelbė: Mantas Lapinskas, Kauno technologijos universitetas