ITU has contacted 400 people whose information was, by mistake, accessible through an internal network drive. The error was discovered by an employee in ITU's IT department in connection with a routine check of the university's network drives on November 26.
Here, the IT department found a file containing names, job descriptions and CPR numbers of 400 people who have been censors, external lecturers, hourly employees or research assistants at ITU. The file was used for the purpose of selecting censors and paying salaries for the work performed.
By mistake, and against the ITU's guidelines for handling sensitive personal data, an administrative employee placed the file on an internal network drive intended for temporary storage and sharing of files among ITU staff and students in 2015. The file has been potentially accessible to anyone with an ITU username and password in the period 2015-2020.
The information has never been accessible via the Internet or to persons not affiliated with ITU.
“Data security has the highest priority at the IT University, and we are taking this security breach extremely seriously. Needless to say, it is completely unacceptable that personal information has been accessible to unauthorized users. I would like to apologize to everyone who is affected by this security breach, and we will do our utmost to ensure that something similar does not happen again,” says Martin Tvede Zachariasen, Vice Chancellor of ITU.
As soon as the security breach was discovered, the file and all other contents of the network drive in question were immediately made inaccessible, and the drive is now disabled. A subsequent review of the drive has not revealed any other breaches of personal data security.