An external tip-off alerted the University Library to an IT vulnerability. The vulnerability concerned a system that was temporarily used to update web applications. The University Library’s library management system was not affected. The security vulnerability existed from 6 to 19 April 2022. Unauthorised access to data occurred. The data concerned included only email addresses, usernames and library card numbers. Users’ passwords were not affected.
A report has been filed with the police and the data breach reported to the Saxon Commissioner for Data Protection. The affected users were informed immediately about the vulnerability and the fact that their data may have been accessed, and warned of the possibility of future phishing or spam emails.
IT staff deactivated the system in question as soon as they were made aware of the vulnerability, then initiated further checks and security measures. The University Library is currently checking and revising its quality assurance for software development and its security policies. Since some of the data records concern inactive users, it will also revise the existing erasure concept. Additional steps are being put in place across the University to protect other systems.