Data breach: questions and answers

Illegally obtained data including personal data of people with an Inholland Moodle account are exposed and possibly being sold. Please find below answers to the most frequently asked questions. 

Info for students and colleagues

Please check Iris for updated questions and answers.

Take me to Iris

FAQ Data Breach

What kind of data breach did it involve?

It regards an illegally obtained data file containing personal information of Inholland Moodle-users. This file is now exposed online and possibly being sold. The investigation of what exactly happened is still ongoing. 

What type of personal data is exposed?

It concerns the following personal data: mail address, first name and last name. If you have placed additional personal data in your Inholland Moodle profile yourself, this data is also part of the data breach.

What is happening or could happen to my personal data?

Malicious people could perhaps use your data to send out phishing emails.

  • Pay attention to digital matters that you don’t trust.
  • Check the email address: is the email actually sent by the sender.
  • Please pay special attention to matters that might seem dodgy to you. Stay alert when it comes to emails that request you to enter data, to make payments by clicking on links and opening attachments. A lot of times you cannot distinguish these messages from being truth or false.
  • If you have any doubts: do not click on the link!
  • Did you unintentionally respond to a request, please report this directly at the Servicepunt IVT: servicepuntivt@inholland.nl.

What can I do to avoid the misuse of my personal data?

Please pay special attention to matters that might seem dodgy to you. Stay alert when it comes to emails that request you to enter data, to make payments by clicking on links and opening attachments. A lot of times you cannot distinguish these messages from being truth or false. If you have any doubts: do not click on the link!

What does Inholland as a University of Applied Sciences do to protect her employees and students?

We have put some measures in place to limit the consequences of this data breach:

  • A specific module has been shut down that complicates the illegal export of data.
  • A forensic investigation has started to track down what caused this, who is responsible and how we could avoid these kind of situations in the future.

Do I need to change my password?

It’s always smart to regularly update and change your passwords. Based on forensic investigation conducted in response to the data breach of 1 March, it is not necessary right now to change your Inholland password.

The encrypted passwords from a small group of Moodle users without an Inholland account, but with a Moodle account at Inholland, has been exposed and possibly sold. This group is informed separately.

I have another question. Who should I address to?

You can send your questions to communicatie@inholland.nl

Have any passwords been leaked?

Via the data sets 791 encrypted passwords have been compromised. It concerns Moodle-accounts of external parties. They have been personally informed.

Why was the learning platform Moodle shut down?

Due to the investigation of the data breach we had to necessarily install and test Moodle again which caused the temporarily shut down. down.

Is Mahara accessible again?

Yes the necessary maintenance activities of Moodle are finished which means Mahara is also accessible again.

Unfortunately we found out during the maintenance activities that a part of the data could not be restored. For you specifically, this means all of your actions that you carried out in Mahara from Wednesday 3 March 2021 00:00 until Saturday morning 6 March 10:00 has not been saved. All actions carried out before that timeframe have been saved and are available in your own Mahara environment.

In case you did carry out activities in above mentioned timeframe, you will unfortunately have to carry out those activities again. We can imagine how annoying this is and we hope this isn’t causing too much of an inconvenience to you.

I have received a link to pay the tuition fee, is this a legit request or is it caused by the data breach?

This is a legit request. The requests for monthly payment of tuitions fees has been sent. As a verification, you could always check if the sender of last month is the same as this month.

I have received some strange requests via my mobile phone number and/or private email address, has this been hacked as well?

The data that has been hacked with your Inholland Moodle account are: your Inholland email address, first name and last name. In case you have added additional personal details in your Inholland Moodle account, then these data have also been hacked as it has been part of the data breach. You could verify this in Moodle by checking your profile.

1. Head to moodle.inholland.nl, click top right on your profile photo and select profile.
2. In the new window, select the option ‘Edit profile’
3. Here you will find all filled in profile details. If you scroll down below you can also see the additional data.
Tip: Remove all extra information that are not requested for Moodle.

When looking at the future, could the digital vulnerability of Inholland be increased by for example making use of an two-factor authentication?

Measures have been put in place to solve this vulnerability issue, a two-factor authentication is part of the security process for the administrators accounts. Regarding user accounts, our investigation has shown this vulnerability issue doesn’t apply here.

Does the search functionality and plagiarism scanner Urkund function properly?

Yes. The search functionality within Moodle and plagiarism scanner ‘Urkund’ are restored and work properly again.

Due to the urgent maintenance of last week the plagiarism scanner ‘Urkund’ didn’t function properly between Thursday 4 March 00:00 and Friday 5 March 12:35. In case you have uploaded a document during this timeframe but it didn’t save the document, we recommend you to upload the document once again.

For a complete overview of questions you could also take a look on Knowledge Base.