The Eberswalde University for Sustainable Development (HNEE) was made aware of an IT security gap in a student data management system by an external source. The gap was closed immediately in close consultation with the software manufacturer.

Based on current information, this gap would have allowed unauthorized third parties to access individual data records of our students and alumni under certain technical conditions. This would have affected first and last names and addresses in particular. The current state of knowledge indicates that no particularly sensitive personal data would have been affected. The security gap was not technically trivial to exploit. There is currently no evidence that personal data has been viewed or misused by unauthorized third parties. The risk to those affected is therefore considered to be low.

Regardless of this, HNEE has reported the incident to the responsible supervisory authority in accordance with the legal requirements of the General Data Protection Regulation and has decided to inform those potentially affected as a precautionary measure. The software used is also used at other universities. It is possible that the security breach will be reported in the media. Providing transparent information to our students, alumni, and employees is a key concern for the university.

Any questions in this regard can be directed to informationssicherheit(at)hnee.de.