{"id":171103,"date":"2024-12-10T05:27:00","date_gmt":"2024-12-10T04:27:00","guid":{"rendered":"https:\/\/uniavisen.dk\/ny-sikkerhedsbrist-paa-ku-endnu-en-gang-er-personfoelsomme-oplysninger-kompromitteret\/"},"modified":"2024-12-10T08:01:01","modified_gmt":"2024-12-10T07:01:01","slug":"new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised","status":"publish","type":"post","link":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/","title":{"rendered":"New security breach at University of Copenhagen: Sensitive personal information compromised"},"content":{"rendered":"

Only six months after a major case of unauthorised access to sensitive personal information<\/a>, the University of Copenhagen (UCPH) has yet again been affected by a security breach. Employees working in the university\u2019s journal system temporarily allowed access to documents containing Danish personal identification CPR numbers, health details, consultations, and exam certificates.<\/p>\n

The University Post has spoken to Deputy Director Thomas Molin, who heads the joint HR department at UCPH and who has responsibility for the latest breach. He says the slip-up is \u00bbdeeply regrettable\u00ab.<\/p>\n

\u00bbWe take this very seriously. That is why this is also an opportunity to review our procedures and systems,\u00ab he says.<\/p>\n

You can always do more, and you can always enforce more controls. We will now step it up in light of this incident<\/p>\n

Thomas Molin, Deputy Director at UCPH and Head of the Shared HR department<\/p>\n<\/blockquote>\n

According to the deputy director, the error occurred during the mandatory submission of archived documents to the Danish National Archives. A technical glitch removed access restrictions on some documents, making them available to more UCPH employees than intended.<\/p>\n

This led to a further investigation that revealed several documents lacked proper access restrictions, allowing the staff who were using the journal system to view them.<\/p>\n

The error has been reported to the Danish Data Protection Agency.<\/p>\n

Thomas Molin emphasizes that employees who inadvertently had access to sensitive information are bound by confidentiality under penalty of law. The university has found no evidence that the information has been accessed or misused.<\/p>\n

Lack of data discipline<\/h3>\n

According to Thomas Molin, approximately 2,500 employees have had access to the sensitive information.<\/p>\n

\u00bbThe error occurred because employees failed to apply the correct access restrictions to documents,\u00ab says Thomas Molin.<\/p>\n

This remains your and your department\u2019s overall responsibility. Should you have maintained stricter ongoing control to ensure UCPH employees followed correct procedures?<\/em><\/p>\n

\u00bbWe are responsible for having a journalization plan and guidelines on how to use these systems correctly. This is in place. However, you can always do more, and you can always enforce more controls. We will now step this up in light of this incident,\u00ab says Thomas Molin.<\/p>\n

According to the deputy director, it is not possible to monitor all employees to ensure documents are archived correctly. In the future, technical checks will be carried out on documents for specific keywords that should trigger access restrictions.<\/p>\n

\u00bbTake a word like \u2018medical certificate\u2019. If it appears in a document, it should be assumed that the document is not meant to be accessible to everyone,\u00ab says Thomas Molin.<\/p>\n

Repetition of previous issues<\/h3>\n

The case echoes a similar incident earlier this year, where a group of employees had unauthorised access to personal data on more than 300,000 individuals associated with the university. At that time, the affected data included CPR numbers, private addresses, and salary-related information.<\/p>\n

The UCPH IT Director, Karen Bjernemose Rahbek, expressed regret over the previous incident to the University Post and assured that measures were being taken to prevent similar errors.<\/p>\n

READ ALSO:<\/strong> IT Director blames data error on \u00bboutdated IT systems\u00ab<\/em><\/a><\/p>\n

Sometimes, things happen that simply shouldn\u2019t.<\/p>\n

Thomas Molin, Deputy Director at UCPH and Head of the Shared HR department<\/p>\n<\/blockquote>\n

Thomas Molin, how can this happen again just six months later?<\/em><\/p>\n

\u00bbIt was an entirely different technical problem involving a drive believed to be restricted to a specific group of people, which it wasn\u2019t. This is a separate issue, but the consequence is the same: some individuals had access to documents they shouldn\u2019t have,\u00ab he says.<\/p>\n

What does this say about data security at UCPH, given these two comparable errors within six months?<\/em><\/p>\n

\u00bbI think it reflects what happens in most organizations, that sometimes things happen that simply shouldn\u2019t. We learn from it, improve, and move on. That is what we must take from this incident. But for now, we can only apologize and take it seriously,\u00ab says Thomas Molin, adding:<\/p>\n

\u00bbIt shouldn\u2019t happen, but one must also acknowledge that UCPH is an extremely large organisation with a vast number of IT systems. Managing and continuously improving technical security while ensuring users operate the systems correctly is a massive undertaking.\u00ab<\/p>\n

Measures and future security checks<\/h3>\n

According to Thomas Molin, the University of Copenhagen will now work intensively to prevent similar errors in the future. The measures include an internal awareness campaign on proper use of the journal system.<\/p>\n

\u00bbWe need to increase awareness and improve communication about the importance of getting these things right. We will also look into adding prominent icons in the system, so if someone saves a document without a restriction, a prompt will appear asking if they are sure,\u00ab says Thomas Molin.<\/p>\n

According to the deputy director, data security will only become more critical as IT systems continue to play a larger role in the future.<\/p>\n

\u00bbIt is therefore important that users are adequately equipped to operate the system correctly,\u00ab he says.
\n<\/p>\n","protected":false},"excerpt":{"rendered":"

Deputy director apologizes and promises stricter access restrictions.<\/p>\n","protected":false},"author":106,"featured_media":170994,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4539],"tags":[],"class_list":["post-171103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-arbejdsmiljoe-en","expression-news_article"],"acf":[],"aioseo_notices":[],"yoast_head":"\nNew security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post\" \/>\n<meta property=\"og:description\" content=\"Deputy director apologizes and promises stricter access restrictions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/\" \/>\n<meta property=\"og:site_name\" content=\"University Post\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/uniavis\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-10T04:27:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-10T07:01:01+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Martin Juhl\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@Uniavisen\" \/>\n<meta name=\"twitter:site\" content=\"@Uniavisen\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Martin Juhl\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/\"},\"author\":{\"name\":\"Martin Juhl\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/ff6534f5b2402ad00c090ce725c33b27\"},\"headline\":\"New security breach at University of Copenhagen: Sensitive personal information compromised\",\"datePublished\":\"2024-12-10T04:27:00+00:00\",\"dateModified\":\"2024-12-10T07:01:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/\"},\"wordCount\":831,\"image\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/nytserverbillede-scaled.jpg\",\"articleSection\":[\"Working environment\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/\",\"name\":\"New security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/nytserverbillede-scaled.jpg\",\"datePublished\":\"2024-12-10T04:27:00+00:00\",\"dateModified\":\"2024-12-10T07:01:01+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/ff6534f5b2402ad00c090ce725c33b27\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#primaryimage\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/nytserverbillede-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/nytserverbillede-scaled.jpg\",\"width\":2560,\"height\":1707,\"caption\":\"En gruppe p\u00e5 omkring 2.500 ansatte p\u00e5 KU har haft uretm\u00e6ssig adgang til personf\u00f8lsomme oplysninger, der blandt andet t\u00e6ller CPR-numre og helbredsoplysninger.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New security breach at University of Copenhagen: Sensitive personal information compromised\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#website\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/\",\"name\":\"University Post\",\"description\":\"Independent of management\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uniavisen.dk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/ff6534f5b2402ad00c090ce725c33b27\",\"name\":\"Martin Juhl\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g\",\"caption\":\"Martin Juhl\"},\"url\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/author\\\/martin_juhl_petersen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/","og_locale":"en_US","og_type":"article","og_title":"New security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post","og_description":"Deputy director apologizes and promises stricter access restrictions.","og_url":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/","og_site_name":"University Post","article_publisher":"https:\/\/www.facebook.com\/uniavis","article_published_time":"2024-12-10T04:27:00+00:00","article_modified_time":"2024-12-10T07:01:01+00:00","og_image":[{"width":2560,"height":1707,"url":"http:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","type":"image\/jpeg"}],"author":"Martin Juhl","twitter_card":"summary_large_image","twitter_image":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","twitter_creator":"@Uniavisen","twitter_site":"@Uniavisen","twitter_misc":{"Written by":"Martin Juhl","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#article","isPartOf":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/"},"author":{"name":"Martin Juhl","@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/ff6534f5b2402ad00c090ce725c33b27"},"headline":"New security breach at University of Copenhagen: Sensitive personal information compromised","datePublished":"2024-12-10T04:27:00+00:00","dateModified":"2024-12-10T07:01:01+00:00","mainEntityOfPage":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/"},"wordCount":831,"image":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#primaryimage"},"thumbnailUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","articleSection":["Working environment"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/","url":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/","name":"New security breach at University of Copenhagen: Sensitive personal information compromised \u2014 University Post","isPartOf":{"@id":"https:\/\/uniavisen.dk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#primaryimage"},"image":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#primaryimage"},"thumbnailUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","datePublished":"2024-12-10T04:27:00+00:00","dateModified":"2024-12-10T07:01:01+00:00","author":{"@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/ff6534f5b2402ad00c090ce725c33b27"},"breadcrumb":{"@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#primaryimage","url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","contentUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","width":2560,"height":1707,"caption":"En gruppe p\u00e5 omkring 2.500 ansatte p\u00e5 KU har haft uretm\u00e6ssig adgang til personf\u00f8lsomme oplysninger, der blandt andet t\u00e6ller CPR-numre og helbredsoplysninger."},{"@type":"BreadcrumbList","@id":"https:\/\/uniavisen.dk\/en\/new-security-breach-at-university-of-copenhagen-sensitive-personal-information-compromised\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uniavisen.dk\/en\/"},{"@type":"ListItem","position":2,"name":"New security breach at University of Copenhagen: Sensitive personal information compromised"}]},{"@type":"WebSite","@id":"https:\/\/uniavisen.dk\/#website","url":"https:\/\/uniavisen.dk\/","name":"University Post","description":"Independent of management","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uniavisen.dk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/ff6534f5b2402ad00c090ce725c33b27","name":"Martin Juhl","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1797e6a2f5504b0011d25ea810ff777cf9961880304ebea2975858e118970e05?s=96&d=identicon&r=g","caption":"Martin Juhl"},"url":"https:\/\/uniavisen.dk\/en\/author\/martin_juhl_petersen\/"}]}},"advancedCustomFields":{"expression":{"term_id":15,"name":"News Article","slug":"news_article","term_group":0,"term_taxonomy_id":15,"taxonomy":"expression","description":"","parent":0,"count":11489,"filter":"raw"},"enable_comments":true,"align_content":"alignleft","feature_color":"","article_updated":"","layout_group":[{"acf_fc_layout":"Headline","use_post_title":true,"headline":"","style":"default","highlighted_words":"","text_size":"small"},{"acf_fc_layout":"Image","image":{"ID":170993,"id":170993,"title":"NYTServerbillede","filename":"nytserverbillede-scaled.jpg","filesize":686478,"url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-scaled.jpg","link":"https:\/\/uniavisen.dk\/en\/ny-sikkerhedsbrist-paa-ku-endnu-en-gang-er-personfoelsomme-oplysninger-kompromitteret\/nytserverbillede\/","alt":"","author":"106","description":"","caption":"En gruppe p\u00e5 omkring 2.500 ansatte p\u00e5 KU har haft uretm\u00e6ssig adgang til personf\u00f8lsomme oplysninger, der blandt andet t\u00e6ller CPR-numre og helbredsoplysninger.","name":"nytserverbillede","status":"inherit","uploaded_to":170977,"date":"2024-12-05 15:52:19","modified":"2024-12-05 15:53:45","menu_order":0,"mime_type":"image\/jpeg","type":"image","subtype":"jpeg","icon":"https:\/\/uniavisen.dk\/wp-includes\/images\/media\/default.png","width":2560,"height":1707,"sizes":{"thumbnail":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-150x150.jpg","thumbnail-width":150,"thumbnail-height":150,"medium":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-480x320.jpg","medium-width":480,"medium-height":320,"medium_large":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-768x512.jpg","medium_large-width":768,"medium_large-height":512,"large":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-1280x854.jpg","large-width":1280,"large-height":854,"1536x1536":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-1536x1024.jpg","1536x1536-width":1536,"1536x1536-height":1024,"2048x2048":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-2048x1366.jpg","2048x2048-width":2048,"2048x2048-height":1366,"featured-soft":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-290x193.jpg","featured-soft-width":290,"featured-soft-height":193,"featured-hard":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-290x180.jpg","featured-hard-width":290,"featured-hard-height":180,"narrow":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-700x467.jpg","narrow-width":700,"narrow-height":467,"extended":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-990x660.jpg","extended-width":990,"extended-height":660}},"style":"extended","text_placement":"metadata-below","image_link_url":"","image_link_title":"","caption_prefix":"","enable_alternative_caption":true,"alternative_caption":"A group of approximately 2,500 UCPH employees had unauthorised access to sensitive personal information, including CPR numbers and health data."},{"acf_fc_layout":"Standfirst","subject":"Data security","text":" Deputy director apologizes and promises stricter access restrictions.","use_post_excerpt":false},{"acf_fc_layout":"Byline","is_author":true,"contributors":false},{"acf_fc_layout":"Content","content":"<p>Only six months after <a href=\"https:\/\/uniavisen.dk\/en\/data-slip-up-it-manager-blames-it-on-ageing-it-systems\/\" target=\"_blank\" rel=\"noopener\">a major case of unauthorised access to sensitive personal information<\/a>, the University of Copenhagen (UCPH) has yet again been affected by a security breach. Employees working in the university\u2019s journal system temporarily allowed access to documents containing Danish personal identification CPR numbers, health details, consultations, and exam certificates.<\/p>\n<p>The University Post has spoken to Deputy Director Thomas Molin, who heads the joint HR department at UCPH and who has responsibility for the latest breach. He says the slip-up is \u00bbdeeply regrettable\u00ab.<\/p>\n<p>\u00bbWe take this very seriously. That is why this is also an opportunity to review our procedures and systems,\u00ab he says.<\/p>\n<blockquote><p>You can always do more, and you can always enforce more controls. We will now step it up in light of this incident<\/p>\n<p class=\"quotee\">Thomas Molin, Deputy Director at UCPH and Head of the Shared HR department<\/p>\n<\/blockquote>\n<p>According to the deputy director, the error occurred during the mandatory submission of archived documents to the Danish National Archives. A technical glitch removed access restrictions on some documents, making them available to more UCPH employees than intended.<\/p>\n<p>This led to a further investigation that revealed several documents lacked proper access restrictions, allowing the staff who were using the journal system to view them.<\/p>\n<p>The error has been reported to the Danish Data Protection Agency.<\/p>\n<p>Thomas Molin emphasizes that employees who inadvertently had access to sensitive information are bound by confidentiality under penalty of law. The university has found no evidence that the information has been accessed or misused.<\/p>\n<h3>Lack of data discipline<\/h3>\n<p>According to Thomas Molin, approximately 2,500 employees have had access to the sensitive information.<\/p>\n<p>\u00bbThe error occurred because employees failed to apply the correct access restrictions to documents,\u00ab says Thomas Molin.<\/p>\n<p><em>This remains your and your department\u2019s overall responsibility. Should you have maintained stricter ongoing control to ensure UCPH employees followed correct procedures?<\/em><\/p>\n<p>\u00bbWe are responsible for having a journalization plan and guidelines on how to use these systems correctly. This is in place. However, you can always do more, and you can always enforce more controls. We will now step this up in light of this incident,\u00ab says Thomas Molin.<\/p>\n<p>According to the deputy director, it is not possible to monitor all employees to ensure documents are archived correctly. In the future, technical checks will be carried out on documents for specific keywords that should trigger access restrictions.<\/p>\n<p>\u00bbTake a word like \u2018medical certificate\u2019. If it appears in a document, it should be assumed that the document is not meant to be accessible to everyone,\u00ab says Thomas Molin.<\/p>\n<h3>Repetition of previous issues<\/h3>\n<p>The case echoes a similar incident earlier this year, where a group of employees had unauthorised access to personal data on more than 300,000 individuals associated with the university. At that time, the affected data included CPR numbers, private addresses, and salary-related information.<\/p>\n<p>The UCPH IT Director, Karen Bjernemose Rahbek, expressed regret over the previous incident to the University Post and assured that measures were being taken to prevent similar errors.<\/p>\n<p><strong>READ ALSO:<\/strong> <a href=\"https:\/\/uniavisen.dk\/it-chef-skyder-skylden-for-data-broeler-paa-aldrende-it-systemer\/\" target=\"_blank\" rel=\"noopener\"><em>IT Director blames data error on \u00bboutdated IT systems\u00ab<\/em><\/a><\/p>\n<blockquote><p>Sometimes, things happen that simply shouldn\u2019t.<\/p>\n<p class=\"quotee\">Thomas Molin, Deputy Director at UCPH and Head of the Shared HR department<\/p>\n<\/blockquote>\n<p><em>Thomas Molin, how can this happen again just six months later?<\/em><\/p>\n<p>\u00bbIt was an entirely different technical problem involving a drive believed to be restricted to a specific group of people, which it wasn\u2019t. This is a separate issue, but the consequence is the same: some individuals had access to documents they shouldn\u2019t have,\u00ab he says.<\/p>\n<p><em>What does this say about data security at UCPH, given these two comparable errors within six months?<\/em><\/p>\n<p>\u00bbI think it reflects what happens in most organizations, that sometimes things happen that simply shouldn\u2019t. We learn from it, improve, and move on. That is what we must take from this incident. But for now, we can only apologize and take it seriously,\u00ab says Thomas Molin, adding:<\/p>\n<p>\u00bbIt shouldn\u2019t happen, but one must also acknowledge that UCPH is an extremely large organisation with a vast number of IT systems. Managing and continuously improving technical security while ensuring users operate the systems correctly is a massive undertaking.\u00ab<\/p>\n<h3>Measures and future security checks<\/h3>\n<p>According to Thomas Molin, the University of Copenhagen will now work intensively to prevent similar errors in the future. The measures include an internal awareness campaign on proper use of the journal system.<\/p>\n<p>\u00bbWe need to increase awareness and improve communication about the importance of getting these things right. We will also look into adding prominent icons in the system, so if someone saves a document without a restriction, a prompt will appear asking if they are sure,\u00ab says Thomas Molin.<\/p>\n<p>According to the deputy director, data security will only become more critical as IT systems continue to play a larger role in the future.<\/p>\n<p>\u00bbIt is therefore important that users are adequately equipped to operate the system correctly,\u00ab he says.<\/p>\n"},{"acf_fc_layout":"ArticleEnd"},{"acf_fc_layout":"Newsletter","lang_select":"en","identifier":"Newsletter","headline":"Get an email with our top stories","button_text":"Sign up here","class":""},{"acf_fc_layout":"OtherStories","headline":"","hand_picked_posts":false,"references":false,"category":false,"theme":false,"number_of_posts":"4","style":"default"}]},"taxonomyData":{"category":[{"term_id":4539,"name":"Working environment","slug":"arbejdsmiljoe-en","term_group":0,"term_taxonomy_id":4539,"taxonomy":"category","description":"","parent":0,"count":95,"filter":"raw"}],"post_tag":[],"post_format":[],"expression":[{"term_id":15,"name":"News Article","slug":"news_article","term_group":0,"term_taxonomy_id":15,"taxonomy":"expression","description":"","parent":0,"count":11489,"filter":"raw"}],"translation_priority":[{"term_id":5468,"name":"Optional","slug":"optional-en","term_group":0,"term_taxonomy_id":5468,"taxonomy":"translation_priority","description":"","parent":0,"count":672,"filter":"raw"}]},"featured_media_url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2024\/12\/nytserverbillede-1280x854.jpg","_links":{"self":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/171103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/comments?post=171103"}],"version-history":[{"count":11,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/171103\/revisions"}],"predecessor-version":[{"id":171122,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/171103\/revisions\/171122"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/media\/170994"}],"wp:attachment":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/media?parent=171103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/categories?post=171103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/tags?post=171103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}