The Open University of Cyprus has been fined €45,000 for a data breach that compromised personal data and led to information being leaked on the dark web. The university’s cybersecurity measures were found to be inadequate, resulting in a violation of the GDPR and the imposition of the fine.
What was the Open University of Cyprus fined for?
The Open University of Cyprus was fined €45,000 by the Data Protection Commissioner for violating the GDPR by failing to implement adequate cybersecurity measures, resulting in a data breach that compromised personal data and led to information being leaked on the dark web.
Significant Fine Imposed for Lax Cybersecurity
In an unprecedented move, the Open University of Cyprus has been fined €45,000 by the Data Protection Commissioner for not adhering to stringent cybersecurity protocols. The decision was announced after a detailed investigation into a cyber attack that compromised the university’s servers in March. The breach was a clear violation of EU Regulation 2016/679, commonly known as the General Data Protection Regulation (GDPR), and the principle of accountability, which mandates data controllers to ensure lawful processing and robust security of personal data.
GDPR Violations and Measures to Improve Security
The GDPR is known for its stringent rules regarding data protection, emphasizing the importance of having appropriate security measures in place. The Data Protection Commissioner, Irini Loizidou-Nicolaidou, pointed out the university’s shortcomings in this area and has now mandated the appointment of a security systems officer. This officer’s role will be to oversee the implementation of enhanced security measures and to keep the commissioner’s office informed of the progress.
Extent of the Data Breach
The cyber attack on the Open University of Cyprus led to the leakage of personal data belonging to students, alumni, and various other associated individuals. As a consequence, the Data Protection Commissioner’s office received complaints from 11 affected parties. In a subsequent turn of events, hackers threatened to publish the stolen data unless a ransom was paid in cryptocurrency, which the university refused, resulting in the data being released on the dark web.
Cybersecurity in the Larger Context
Cybersecurity concerns are gaining prominence as even a single day without internet could inflict a significant economic impact. A report from Atlas VPN estimated a cost of $43 billion globally for a day’s internet outage. Specifically, Cyprus would face a loss of €10.4 million from such an event, underscoring the critical nature of cybersecurity measures.
Recent Hacking Incidents in Cyprus
The cybersecurity breach at the Open University was not an isolated incident. The Department of Lands and Surveys also fell victim to a cyber attack, leading to their website going offline. This incident, along with the attack on the University of Cyprus occurring in the same timeframe, highlights a growing trend of cyber vulnerabilities that the entire nation must address.
Proactive Measures and International Standards
The imposing of fines and the requirement for enhanced security measures signify a shift towards more proactive cybersecurity enforcement. By aligning with international standards and regulations like the GDPR, institutions can better protect themselves against future cyber threats. The Open University of Cyprus is now tasked with not only rectifying past oversights but also setting a precedent for cybersecurity vigilance in the academic sector.
Quick Recap:
- The Open University of Cyprus has been fined €45,000 for a data breach that led to personal data being leaked on the dark web.
- The university’s cybersecurity measures were found to be inadequate, resulting in a violation of the GDPR.
- The breach compromised personal data of students, alumni, and others, leading to complaints from 11 affected parties.
- A ransom was demanded by hackers, and when refused, the data was released on the dark web.
- Cybersecurity concerns are growing in prominence, with recent hacking incidents in Cyprus highlighting the need for proactive measures and adherence to international standards.
