Vulnerability at Leipzig University Library

On 19 April 2022, a vulnerability was discovered in an IT system at Leipzig University Library. This resulted in external access to about 70,000 records of library users. The incident has been reported to the police.

An external tip-off alerted the University Library to an IT vulnerability. This concerned a system that was temporarily used to update web applications. The University Library’s library management system was not affected. Unauthorised access to data occurred. The data concerned included only email addresses, usernames and library card numbers. Users- passwords were not affected.

A report has been filed with the police and the data breach reported to the Saxon Commissioner for Data Protection. The affected users were informed immediately about the vulnerability and the fact that their data may have been accessed, and warned of the possibility of future phishing or spam emails.

IT staff deactivated the system in question as soon as they were made aware of the vulnerability, then initiated further checks and security measures. Currently, the University Library is checking and revising its quality assurance with regard to software development, and its security policies. Since some of the data records concern inactive users, it will also revise the existing erasure concept. Additional steps are being put in place across the University to protect other systems.

Michael Lindner

Universitätsbibliothek Leipzig

Beethovenstraße 6
04107 Leipzig

341 97-30500
Telefax: 31130500

E-Mail schreiben

This site uses cookies and analysis tools to improve the usability of the site. More information. |