Denne artikkelen er også tilgjengelig på norsk.
No action required for employees and students
A file from October 2023 containing names and email addresses of 77,573 students and staff in NTNU’s test environment were stolen. Passwords associated with these email addresses have not been stolen. Users activated after October 2023 have not been affected.
— Names and email addresses from a test environment being compromised are considered to have minimal consequences, and this information is partly public. NTNU has used Feide login with two-factor authentication for services against EQS, and no passwords have been compromised. Therefore, NTNU employees and students do not need to take any action due to the data breach, says Stian Husemoen, Chief Information Security Officer at NTNU.
In addition, usernames, encrypted passwords, and email addresses of 113 EQS users at HUNT Research Centre stolen. Users of EQS at the HUNT Research Centre have been informed verbally at the workplace and via telephone. Those who could not be reached by phone have been notified via SMS. No health data related to research projects in HUNT has been affected by the attack.
Measures implemented to prevent the incident from happening again
Extend AS has closed the entry vector for the attack, changed access keys, restored systems, and engaged a security company for further analysis.
— Fortunately, this has no major consequences for NTNU. But we take the deviation seriously and have reported it to the Norwegian Data Protection Authority, says Husemoen.
NTNU has reviewed the data to identify what kind of information has been compromised and has gone through the notification routines for the system. Additionally, NTNU will conduct an evaluation of EQS in the autumn.