The Folia website has published an article about a security breach in SIS, the Student Information System of the UvA and AUAS, which came to light over a month ago. As a result, you may have questions about what the UvA is doing to ensure the security of personal data. That is why the UvA has decided to inform you of the events surrounding this reported security breach.
On 16 May 2016, an AUAS student discovered a security breach in SIS and reported this to the UvA and AUAS, for which they were greatly appreciative. In order to underscore the seriousness of the problem, the student also downloaded a large quantity of student information from the system. This data consisted of names, given names, telephone numbers, email addresses and ID photos (to the extent that these were present). The student was asked to destroy the data immediately, and he declared that he had done so. Immediate action was undertaken to remedy the vulnerability in the system; this was completed on the following day, 17 May. The procedures preventing this type of security breaches have been improved as well. There is no reason to believe that any other party took advantage of the security breach, or by doing so, obtained or misused the personal data in question. For that reason, the UvA initially decided not to inform students of the security breach.
The UvA naturally regrets the course of events. The security of our systems is a priority. This security benefits from bringing security issues to our attention. These may be reported to CERT-UvA, email@example.com.