Data leak at smart card company ID-ware affects 21,000 TU Eindhoven card holders

Personal data of an estimated 21,000 pass holders at Eindhoven University of Technology have been stolen. Criminals have stolen the data in a ransomware attack on smart card company ID-ware. In most cases this concerns e-mail addresses, residential addresses, names and places of residence.

In an email to affected students and staff, the university reports that the theft was greater than initially thought. After the ID-Ware hack, a limited dataset appeared on the dark web, which also contains data from a number of TU Eindhoven card holders. They were informed on the weekend of 8 October.

However, further research shows that more data is involved, the university writes. Exactly which data has been stolen differs per individual. This mainly concerns e-mail addresses, residential addresses, names, places of birth and student numbers. No passport photos or passwords were allegedly stolen. Eindhoven University of Technology asks the recipients of the e-mail to be extra alert to suspicious e-mails and identity fraud. Those affected can still use their pass.

ID-Ware makes the cards that university staff and students use to print documents and gain access to certain buildings. The software company fell victim last month of a ransomware attack. Although the company quickly regained access to its servers, the perpetrators were unable to escape with data. This also includes data from thousands of civil servants. According to ID-Ware, the hacker group BlackCat, also known as ALPHV, is behind the attack.