Vilnius Tech reassures students about system security: internal data systems are maintained in accordance with IT security standards

The University emphasizes that the Lithuanian EDINA science, studies, activities and process management information system data are safe. At the same time, Vilnius Tech claims that it received information about a possible leak from the National Cyber ​​Security Center (NKSC) on Friday and therefore conducted an investigation.

“A report was received from the NKSC on Friday that student data had been leaked. The report also mentions liemsis.lt. In response, an incident investigation team was urgently formed and a study was conducted to assess the authenticity of the data, ”says Ilma Cikanaitė, the University’s communications director, in a report released Saturday night.

According to her, it was concluded that these are not student data stored in the EDINA consortium’s Study System.

“In other words, the data published is not from the EDINA Information System and the data here is safe. The Vilnius College student data leak has nothing to do with the EDINA consortium. “Vilnius Tech is not involved in the aforementioned data breach,” the university said in a statement.

“At the same time, we want to reassure the Vilnius Tech community.” Vilnius Tech’s internal data systems are maintained in accordance with IT security standards, are constantly updated and vulnerability tests are performed to protect data from members of our community (students and employees) “, adds I. Cikanaitė.

As already reported on Saturday, the Vilnius College administration informed the students that data theft may have been committed, through which their personal data may have been leaked.

Dovydas Buslavičius, the acting head of the institution’s public relations department, confirmed to BNS that the incident may have occurred.

“I can confirm that we have informed the students about the possible theft of data, we have sent them a letter (…) We are currently working on these matters, and with lawyers (…). I just can’t comment more on you right now. There is a possibility that it was done, “said D. Buslavičius on Saturday night.

He added that the data may have been leaked not from the university’s databases, but from a service provider that he did not specify and is now being investigated. A university representative did not comment on whether the police were contacted, but promised to provide more information in a separate report as soon as it became available.

D. Buslavičius told BNS that in the letter, the university informed the students that the data containing the first name, last name, personal identification code and home address may have been leaked.

Portal 15min.lt notes that the Lithuanian Science and Studies Information System (LieMSIS), from which data may have been leaked, is also used by other higher education institutions, including Klaipeda University, Klaipeda State College, the Graičiūnas Higher School of Management, Kaunas University of Technology, Lithuanian Higher Education Institution, Maritime School, Alytus College, Klaipeda State College.

The studijos.liemsis.lt website is not available on Saturday nights. Earlier, readers reached out to 15min.lt, stating that a person who introduced himself as a Raid Forums program on the forum announced that he had about 7,000. Lithuanian students personal data.

The person who introduced himself as a programmer assures that this is a warning to the Lithuanian authorities that the Constitution should not be modified in such a way as to force those who wish to work to carry out tests for COVID-19. According to the programmer, if the Constitution is violated, not only the databases of universities and colleges will be leaked, but also the data of esveikata.lt.

The portal adds that there were no changes to the Constitution related to coronavirus testing in Lithuania.

In February, several possible data breaches were announced in Lithuania, the biggest response to which was the announcement of the data of 110 thousand users of the CityBee car-sharing service registered in Lithuania.

According to the company, criminals posted consumer data from three years ago on one of the hackers’ favorite forums.

In addition to the first and last names of some CityBee customers, phone numbers, email addresses, residential addresses, driver’s license numbers, and encrypted passwords were stolen.

The police opened a pre-trial investigation into the incident and other services are investigating the incident.

The police also launched a pre-trial investigation into the leaked data from the dating site darnipora.lt. Information about 400 thousand. The data leaked by darnipora.lt users appeared on the Internet forum “Raid Forums” last August, but has not been detected so far.

The data, including user names, email addresses, phone numbers, passwords and other personal information, is indicated as from 2016, its sale price is not published.

The police are also clarifying the situation with the data of the clients of the former betting company Orakulas put up for sale.

Information about all this leaked data appeared on the same online forum “Raid Forums”.