Hellenic Open University hit by cyberattack, data breach
Learn More
The Hellenic Open University (HOU) is reporting a cybersecurity incident, with its information systems breached through a ransomware attack on October 25, 2024.
The attackers successfully compromised the university's primary IT infrastructure and backup storage, resulting in the encryption of virtual machine management systems and causing disruptions to secondary systems and the data network.
A substantial data leak was confirmed with 813 GB of sensitive information discovered on the dark web. HOU officials downplay the leak stating that this represents only a small fraction of the university's total stored data. The leaked files primarily consist of documents in various formats including .doc, .pdf, and .xls files.
The compromised personal data includes:
- Full name,
- marital status,
- nationality,
- gender
- date of birth
- Tax Identification Number (AFM),
- Social Security Number (AMKA),
- ID card numbers,
- student IDs,
- physical signatures
- Addresses,
- phone numbers (landline & mobile),
- email addresses (personal and institutional), email communications
- Academic Records, Grades, academic performance, diplomas, certificates of study
- Health Data
- Financial Information, IBAN numbers, invoicing details, expense payment records
- CVs, research, professional history, teaching records, published works
The number of affected individuals has not been disclosed.
The university notified the Cybercrime Division, National Cybersecurity Authority, and the Hellenic Data Protection Authority (HDPA). The university maintained regular communications with these authorities throughout the incident response process.
The university formed a specialized incident management team and engaged cybersecurity experts to contain the attack. Critical systems were isolated on the same day as the attack (October 25, 2024) to prevent further spread of the ransomware.
The data was restored from unaffected backup copies after completing the security review.
