Personal data — Sensitive information, including salary data, has been freely available on the University of Copenhagen's servers. New procedures are being introduced to safeguard employees’ data.
The University of Copenhagen has ended up in an unfortunate case involving access to sensitive personal information. 625 staff in the UCPH administration have mistakenly been able to access payroll statistics on 13,600 employees.
The staff have also had access to employees’ CPR personal identification numbers and email addresses, as the salary statistics included this information. This is according to the news site Version2. The cause of the breach is that the data has been moved around the university’s many different drives.
UCPH has not yet informed the Danish Data Protection Agency, but according to Head of Information Security Poul Nielsen, the university is in the process of getting an overview of how long the information has been available.
“This is a firefighting process which was set in motion as soon as we found out. And it is not the most polite turns of phrase that go through your head. But the damage has happened and you have to start cleaning up,” says Head of Information Security Poul Nielsen at the University of Copenhagen to Version2.
It is not the first time that personal information has been leaked at the University of Copenhagen. Last year, the Faculty of Health and Medical Sciences was criticized by the supervisory Danish Data Protection Agency for mistakenly putting a class list with 277 students’ CPR personal identification numbers on the university’s intranet, Absalon.
The list was removed one hour later, but the faculty did not inform the students that they had had their CPR numbers leaked. And this resulted in a reprimand by the agency.
In connection with the present case, UCPH states that it is implementing a number of new processes to better safeguard employee data. This includes dedicated drives with logins, so you can see who is accessing what data.