Statement on ransomware incident at NVIC
In the following statement we would like to inform you of a ransomware incident at the Netherlands-Flemish Institute in Cairo (NVIC) in which your personal information might have been involved. The University of Leiden administrates this institute. Related to the transition to working from home as a result of the corona crisis, the investigation into this incident has been delayed. This statement is issued later than under normal circumstances would have been the case, for which we ask your understanding.
On 7 April 2020 ransomware was discovered on one of the computers at NVIC. Ransomware is malicious software that is used by unauthorized persons to make computer files inaccessible to the user through encryption. Because the infected computer was used for accounting purposes, it contained files with names of persons that have made or received payments at NVIC. In addition to names, these files also contained so called SAP numbers, cost category numbers and amounts. Which names exactly and how many they were is unknown. It is estimated that the names of between 300 and 500 students, researchers and employees that in one way or another have a relationship to NVIC have been compromised. It is important to note that no other personal information was in the file.
Which measures have been taken?
After the incident, the account of the employee who was confronted with the ransomware was blocked and the profile was scanned for viruses and malware. The hard drives of the infected computer have been destroyed. The infected computer was not connected to the servers in Leiden. The University of Leiden reported the ransomware incident to the Dutch Data Protection Authority as well as investigated possible risks for the people involved.
What are the risks?
Despite the fact that the amount of personal information on the infected computer was limited, a possible risk for the persons involved can’t be ruled out. Because of the combination of names with cost categories, SAP numbers and amounts this risk would be spear phishing in particular. With spear phishing there is a targeted attack on an organization or person, in which the attacker tries to obtain personal information or install malware. Because the hard drives have been destroyed, the names of those involved can’t be retrieved. Through this general message, we want to warn the persons who might be involved for the risk of spear phishing as a result of this incident.
I might be involved. Is it possible someone gained access to my bank information?
No, the files did not contain bank account details or other personal details. Only names, amounts, cost categories and SAP numbers.
What should I pay attention to?
Never open unsolicited emails that you receive. When a message looks suspicious to you, check with the sender of the message by phone. Never wire money for no reason and never share personal information with others. Never open attachments that end with zip, .exe, .js, .lnk, .wsf, .scr and .jar. When in doubt, check the address of the sender through the internet.
Should you have any questions in response to this statement, you can contact NVIC on firstname.lastname@example.org
Netherlands-Flemish Institute in Cairo