Erasmus University Data Breach Exposes Students’ Medical and Financial Information

Not too long ago, the Erasmus University was a victim of a data breach. Although initial results indicated not too much sensitive information was obtained by hackers in the process, it looks as if those findings need to be revised. New data reveals that medical and financial details belonging to an undisclosed number of students were obtained during the breach.

Erasmus University Data Breach Is Far More Severe

Every time a company or institution gets hacked, the question immediately becomes whether the financial information has been leaked. In most cases, the answer to that question is affirmative. When Erasmus University was hacked a couple of weeks ago, it appeared that only student names, addresses, and logins were obtained. But that is only part of the real story.

A total of 270,000 webforms residing on one particular web server were breached during the attack. Close to 5,000 forms contain student medical information, indicating their health and whether or not they suffer from specific ailments. Moreover, it also provides insights into diseases such as dyslexia, allergies, or other conditions relevant to their behavior.

To make matters worse, an even larger undisclosed number of students also had financial information attached to their web forms. This includes bank account details and credit card information. However, no PIN codes or security codes are stored on the platform, which is a minor consolidation for now.

A total of 17,000 students were affected by the data breach, although it is possible that the final tally will be much higher. Nearly 10,000 individuals had their nationality exposed, which should not necessarily be a grave concern. Preliminary results indicate that nearly the same number of students may suffer from identity theft in the future, due to their financial information or passport numbers being obtained by criminals.

What is rather peculiar is how no passwords were part of the data breach. How that is even possible, remains everybody’s guess for the time being. More worryingly, no one knows how hackers managed to breach the server security, or what they are planning to do with the obtained information. A sale of information on the deep web is not unlikely at this stage.

Data breaches are becoming far too common these days. Not only are hackers targeting bigger companies, but they are also attemptiing to obtain medical, personal, and financial information from anyone and everyone in the world. Third party services hosting this data are usually the most vulnerable link in the chain.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.