Erasmus University Data Breach (2016)

Not too long ago, the Erasmus University was a victim of a data breach. Although initial results indicated not too much sensitive information was obtained by hackers in the process, it looks as if those findings need to be revised. New data reveals that medical and financial details belonging to an undisclosed number of students were obtained during the breach. A total of 270,000 webforms residing on one particular web server were breached during the attack. Close to 5,000 forms contain student medical information, indicating their health and whether or not they suffer from specific ailments. Moreover, it also provides insights into diseases such as dyslexia, allergies, or other conditions relevant to their behavior. To make matters worse, an even larger undisclosed number of students also had financial information attached to their web forms. This includes bank account details and credit card information. However, no PIN codes or security codes are stored on the platform, which is a minor consolidation for now. A total of 17,000 students were affected by the data breach, although it is possible that the final tally will be much higher. Nearly 10,000 individuals had their nationality exposed, which should not necessarily be a grave concern. Preliminary results indicate that nearly the same number of students may suffer from identity theft in the future, due to their financial information or passport numbers being obtained by criminals. What is rather peculiar is how no passwords were part of the data breach. How that is even possible, remains everybody's guess for the time being. More worryingly, no one knows how hackers managed to breach the server security, or what they are planning to do with the obtained information. A sale of information on the deep web is not unlikely at this stage.