Cyprus Mail

Personal data leaked in Open University hack, unleashing host of GDPR issues (Updated)


By Nick Theodoulou and Nikolaos Prakas

The wave of cyber-attacks crippling the online services of key Cyprus institutions was most serious at the Open University, as stolen personal data was leaked.

Personal data protection commissioner Irene Loizidou Nicolaidou told state broadcaster CyBC on Wednesday that the university’s management has been in contact with her office and provided additional information on the attack.

Commenting on the incident later in the day, the Open University said that the IT department detected the malicious ransomware attack on their servers.

The attack was from ‘MEDUSA’ ransomware group, and the university said that they are demanding ransom to delete the data, otherwise they will publish it online.

“The attack resulted in several central university services and critical systems going offline as a precautionary measure,” the statement said.

“The university has so far restored access to its website and eLearning platform. From day one of the cyberattack, the university has notified the Digital Security Authority (DSA), the academic CSIRT and the Combating Cybercrime Department of the Cyprus police to undertake the relevant investigations.

“The Commissioner for Personal Data Protection has also been notified about the cyberattack. At the same time, the university’s information technology service together with a number of external partners are working closely to restore all disrupted operations by taking additional technical and organisational measures to mitigate all risks and repair all vulnerabilities.”

The recent wave of attacks also hit the University of Cyprus and the land registration websites – with the latter only recently back online after weeks of being inaccessible.

She emphasised that that all three incidents will be fully investigated, leading to recommendations and guidelines where needed and even the possibility of fines being imposed if serious gaps in digital security are uncovered.

Commenting on the severity of the attacks, Nicolaidou warned that every organisation – private or public – must ensure that protective measures are taken so there are no gaps in digital security, therefore ensuring the protection of personal data.

She explained that the attacks on the land registry and University of Cyprus appear to be more limited as there is no evidence of personal data having been leaked.

Cyber security gained renewed attention earlier this week after state websites went offline following a water leak in the room where the servers are being hosted.

The public has raised concerns and opposition party Akel mocked the government’s stated aim of a “digital transition”.

Follow the Cyprus Mail on Google News

Related Posts

Man caught driving at 106kph on residential street

Tom Cleaver

Tehran plays down reported Israeli attack, signals no further retaliation

Reuters News Service

€10,000 for SME energy efficiency

Kyriacos Nicolaou

Man caught driving at 106kph on residential street

Tom Cleaver

Sexual abuse in schools only ‘isolated incidents’

Nikolaos Prakas

€20 million for new businesses — youth and women key recipients

Kyriacos Nicolaou