Data breach at campus card company ID-Ware affects TU/e

ID-Ware has released a statement online about the data theft, which affects more parties than just TU/e.

The stolen data is primarily that of students, employees and some other campus users. This mainly concerns identification data, such as names, addresses and campus card numbers, but no passwords, photos or key files. As a result, there is no risk of somebody using the data to copy or create new campus cards or gain access to buildings or credit. Everyone can therefore continue to use their campus cards without risk.

However, there is a risk that cardholders will be confronted with more phishing, spam or identity fraud. The mail sent to the affected cardholders calls for increased alertness to this over the coming period. The data breach has been reported to the Dutch Data Protection Authority.

Appropiate measures

Nicole Ummelen, Vice-President of the Executive Board: “We deeply regret that this has happened. As an organization, we are extremely mindful of digital security and we consider the privacy of our employees and students enormously important. We understand why people have concerns about this and we share them. We are therefore going to ensure that we get to the bottom of this so that we can take appropriate measures.”

For TU/e employees and students, there is a comprehensive FAQ with more information that is continuously being updated.

The independent internal supervisor has begun working with the university to investigate the facts of the data breach.

A few weeks ago, it became known that hackers had obtained the data of about 1,800 TU/e campus cards from ID-Ware. Last Friday evening, TU/e received notification from ID-Ware that a second file with TU/e data had been found on the dark web, this time with the data of about 21,000 passes.