» A laptop with the data of hundreds of thousands of SGGW students has been lost -- Niebezpiecznik.pl --

We sympathize with the graduates, students and would-be students of SGGW. Yesterday the university informed them by e-mail that their data had been stolen, along with the laptop of one of the university's employees. And not just any data, because it was basically a complete set. Only their shoe size was missing...

How many people does the data leak affect?

Let's start with the fact that we do not really know how much data there was on the disk of the lost laptop. Even the university does not know: in its statement SGGW only says, not very precisely, that it is about

That is why we wrote "hundreds of thousands" in the title, and we will gladly accept a request for correction from SGGW (because it must be based on facts). Maybe this way we will be able to determine the actual scope of this leak, which is what the nervous students are counting on, several hundred (!) of whom have written to us with this question. The question is whether SGGW will be able to determine this at all...

For now, it should be assumed that everyone who has ever submitted application papers to SGGW is among the victims whose data was on the disk of the stolen laptop.

What data was on the disk of the stolen laptop?

As we read in the statement, the following personal data of the candidates were on the computer disk:

Not bad, is it? Those are the types of data SGGW lists, but it seems to us that there could also have been photos (images) of students on the disk. So here is a question for the candidates: did you attach your photographs to any of the above documents / applications to SGGW?

SGGW informed us too late!

This sentence probably appeared most often in the e-mails sent to the Niebezpiecznik editorial team about this incident. Students were outraged that they were learning about an incident from November 5 only 10 days later. But…

The employee who lost the laptop need not have realized at once that it was missing. It is also not true, as many students claim when accusing the university, that under the GDPR SGGW had 72 hours to inform the victims about the incident. The 72 hours are for informing UODO, not the victims. The victims do not need to be informed if the data controller decides that the incident is not significant. Here, as you can see, SGGW did not "sweep the matter under the rug".

Was the disk encrypted?

And this is the key question... to which, unfortunately, we will not find a direct answer in the SGGW statement. If the disk had been encrypted, the theft of the laptop would not give access to the data saved on the hard disk (as long as the password was stronger than "ABC123"), and it seems that every data controller in such a situation would emphasize this in the announcement.

However, there are many indications that Full Disk Encryption was not configured on the SGGW employee's laptop. As we read later in the statement:

What's more, based on the above, you can even wonder whether the stolen laptop was a university laptop at all. The situation at some universities is so pathological that the staff work on private equipment, over whose security, obviously, the university's IT staff have no control. It is difficult to accuse them of a lack of competence in such a situation (the university suggests in the message above that "internally applicable procedures" require data protection on media. Well, requiring is not the same as enforcing.).

UPDATE! Our hunch was right! After the publication of our article, a statement by the press spokesman appeared on the SGGW website, in which he reports that the stolen laptop was the private laptop of an employee who had unlawfully copied data from the university's systems onto it.

So we have to assume the worst. And this means that the new owner of the laptop will easily get access to the students' data if:

Maybe it won't be that bad?

However, we would like to point out that although getting at this data is easy in the case of an unencrypted disk, the thief (finder?) of the laptop must want to get to this data in the first place, and above all must find it in the thicket of probably many other files on the disk.

We know of cases in which people who bought used equipment found unspecified data on the disk (and even full databases of well-known Polish websites, whose names we will not mention), or even intentionally performed so-called file carving to recover data that the previous owner had deleted from the media. Nevertheless, we do not think it a likely hypothesis that someone intentionally commissioned the theft of this laptop because he knew that there was student data on it.

As a consolation, we can add that most thieves steal laptops to take them to a pawnshop and make money. They do not bother with "overcoming security" or analyzing data at all. They want quick cash for the proverbial bottle. They are not interested in the data.

So what threatens students, graduates and candidates?

Suppose, however, that someone does find out what is on the disk and manages to get to it. Then the students may be in serious trouble. What kind? Here, SGGW is very precise:

Really, nothing to add, nothing to take away. Well, maybe except for one little thing...

Based on such a set of leaked data, someone might also want to rob the victims' bank accounts. He has a lot of data, and he can obtain the missing pieces through phishing. But already now he can authenticate on a hotline as the victim or obtain a duplicate of the victim's SIM card.

That is why we suggest that everyone harmed by SGGW read our article titled "What to do so that nobody robs my bank account? And what to do if somebody robs it anyway?"

I submitted my papers to SGGW - what to do, how to live?

Let's start with what the university advises the victims. And it advises students to... fend for themselves.

Oh, what a different approach from the one used abroad... But before we tell you what you can do now (and what you should do), let's quote the university's advice:

First of all, setting up accounts on the "loan monitoring websites" recommended by the university is a mistake, and moreover one that can cause even greater damage, and certainly a noticeable loss in your wallets.

Such accounts, first, cost money; second, require handing over additional personal data (a scan of an identity document) to yet another company (which may lose it in turn, cf. How an account in the register of debtors could be taken over); and above all, they guarantee nothing. That is why it doesn't make much sense to invest in them.

For years, we have been observing how criminals fraudulently obtain credit, loans and payday loans, and we guarantee you that they will first go to lenders who do not consult any credit agencies before deciding to grant money. Remember:

Unfortunately, we have such a pathological situation in Poland. There are loan companies that lend money on their own autonomous decision, without checking in any government database whether the customer has reported a so-called credit freeze, i.e. a freeze on loan services. They do not check, because there is simply no such official government database. There are many private companies that aspire to this role, but primarily to make money, not to protect citizens. If they cared about the latter, they would exchange data with each other, and they don't.

Yes, you read that correctly: all credit monitoring bureaus are private companies, each of which would like to be a nationwide and compulsory tool on the financial market, but is not one and cannot offer anyone full protection. Don't be fooled.

So what can we do to prevent someone from taking out a loan using our data if it has leaked?

We described this in this article, which, due to the complexity of the topic, cannot be summarized. It will be best if you read it in full. Then you will understand this map illustrating the dozen or so steps (!!!) you need to take in Poland to protect yourself, as far as possible, against the negative effects of identity theft and of a loan being fraudulently taken out using your data:

For a full picture of what life looks like for a person whose data was stolen and in whose name loans were taken out, we recommend reading this article.

To sum up: we suggest that all candidates, students and graduates of SGGW, as soon as possible:

You can check whether everything went well on obywatel.gov.pl, using a special form (for free if you have a Trusted Profile (PZ); if you do not have one, you can set it up through your bank or the standard way, by going to a ZUS/US counter with your ID card or passport).

After some time (now it may be too early) it is also worth asking the banks whether someone has set up an account using your data. This can also be done for free using this service. And it is worth doing from time to time. (Readers inform us that this service is not free; let us know how much you were charged for it.)

To minimize the risk of a takeover of your current bank accounts, consider changing the phone number linked to your bank accounts. It will make things harder for those who would like to obtain a duplicate of your SIM card in order to take control of a bank account or of any service where you configured two-step authentication to that phone number (Facebook? Gmail? A cryptocurrency exchange?)

And once you have secured yourself, you can... sue the university.

Students want a collective lawsuit!

Seriously. The victims have already set up a Facebook group demanding a collective lawsuit, and it has 12,000 members at the time of writing this article. Members who do not know that this action (a collective lawsuit) does not make sense in this case.

Honestly, we did not expect such a stir on the Polish Internet over the leak from SGGW. Maybe because we realize that laptops go missing every day. Yesterday, in the taxi our editor was taking to a client, there was (on the back seat) a laptop belonging to an employee of some company. The taxi driver contacted the owner while the editor was still present and arranged to return it.

We are surprised by this stir not only because thefts and losses of data carriers (digital and paper) are very common. More common than break-ins and leaks. We wrote about it when summarizing the first year of the GDPR in Poland and presenting the statistics of breaches. We are surprised because we do not recall a data leak from any other university (and we describe these regularly) getting students on their feet like this. A good change!

In our opinion, the students' anger is justified. For the lack of disk encryption in 2019, SGGW should receive a severe penalty from UODO. If it was actually a university laptop, not a private one (update: the laptop was private). After the GDPR's entry into force, with many free solutions on the market for encrypting internal and external disks, not using them is a serious mistake and a sign of unacceptable immaturity in IT matters. Let's hope that universities, not only SGGW, will finally take the security of students' data seriously and attach more weight to securing databases against unauthorized copying, especially onto private equipment.

And everyone interested in protecting their data (not only personal data) and their money is invited to our lecture, during which we present dozens of practical tips and free tools. Thanks to them you will be able to minimize the negative effects of various incidents that can happen to you in the digital world.
