Table of Contents

Security incident at the GWDG

FAQ Status: 10.10.2023, 11:30

Update News from 13.10.2023, 10:00

Security incident at the GWDG

In the following, we provide you with important information on the security incident, which we update regularly. Our goal is to provide you with information as transparently as possible and according to the analysis results as they become available. In doing so, we comply with all data protection rules and act according to our high standards in IT and information security.

What happened?

The Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen (GWDG) has detected a security incident in internal systems through internal security systems on 28 September 2023.

With the help of internal information security management and the associated monitoring, an attack on the infrastructure could be identified at an early stage and the impact minimised.

With the involvement of external cyber security experts, countermeasures were taken at short notice to further protect the IT infrastructure.

What measures have been taken?

The GWDG uses up-to-date, regularly and automatically updated defense and monitoring systems that were active and functioning as intended at the time of the incident.

With the involvement of external cyber security experts, countermeasures were taken at short notice to further protect the IT infrastructure.

The crisis team and the incident response teams responsible for security incidents were activated immediately. Analysis and clarification are carried out in close cooperation with external security experts and forensic experts.

Are data affected?

According to current knowledge, login data for user accounts of employees in encrypted form (user names, passwords) have been stolen.

As a precautionary measure, we have asked all users of GWDG accounts to change their passwords immediately.

Have the relevant authorities been informed?

A notification to the State Commissioner for Data Protection in Lower Saxony in accordance with Art. 33 EU-DSGVO was made immediately.

Our partners from the science and research insitutions for which we provide services have also informed the authorities responsible for them.

What users can do to protect themselves?

As a precaution, we ask the customers of the GWDG and their user groups to change their passwords immediately.

To change please use https://id.academiccloud.de.

Important information on password security is provided by the Federal Office for Information Security on its website: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/sichere-passwoerter-erstellen_node.html

Are student user IDs affected?

There is no impact on student user IDs. This means there is no need for students to take any action. If students have any questions, they can contact CampusIT Support at the email address campussupport@uni-goettingen.de.

Where to change the passwords?

Here we refer to the internal communication in the facilities. If you still have any questions, please contact the relevant office in your own facility for this information (see also below).

Do passwords for mailing lists need to be changed?

According to our current knowledge, the GWDG's mailing list service is not affected by the security incident, so there is no need to change the passwords used there. However, if you use an identical password for your account and the mailing lists, we strongly recommend that you also change it for the mailing lists (and also in all other places where you might have used it). Ideally, you should use different passwords for your account and your mailing lists.

Who can users contact if they have any questions?

If you have any questions or problems, please contact:

Health data of patients of the UMG are not processed and stored in the systems of the GWDG. Information security and data protection were guaranteed at all times at the UMG.

Are there any restrictions on operations at Göttingen University Medical Centre (UMG)?

No. There are no restrictions on the operation of UMG´s systems. The services offered by the GWDG are basically still available. However, the GWDG may temporarily restrict individual services for security reasons. Information about this will be provided via operational messages. A status page will be available shortly.

Healthcare provision was and is fully guaranteed at all times and is not impaired.

Information security and data protection were also guaranteed at all times at the UMG.

Are there any restrictions on operation at University of Göttingen?

No. There are no restrictions on the operation of University of Göttingen systems. The services offered by the GWDG are basically still available. However, the GWDG may temporarily restrict individual services for security reasons. Information about this will be provided via operational messages. A status page will be available shortly.

Are there any restrictions on the operation of the Max Planck Society?

No. There are no restrictions on the operation of the Max Planck Society´s systems. The services offered by the GWDG are basically still available. However, the GWDG may temporarily restrict individual services for security reasons. Information about this will be provided via operational messages. A status page will be available shortly.

Can I access the systems of the GWDG?

There are currently no effects on the operation of the GWDG's systems, so that the services and data offered continue to be available.

Are the emails belonging to the GWDG accounts available?

Yes, these are available as usual.

There are currently no effects on the operation of the GWDG's systems, so the services and data offered are still available.

What IT security measures does the GWDG have in place?

The GWDG uses up-to-date, regularly and automatically updated defence and monitoring systems that were active and functioning as intended at the time of the incident.

The measures to ensure data protection and information security were and are state-of-the-art technology and are based in particular on the respective current recommendations of the Federal Office for Information Security (BSI).

The GWDG's data centre in Göttingen is independently audited at regular intervals. A current certificate according to ISO 27001 is available.

The data centre is also certified according to ISO 9001.

What is a secure password?

When you change your password, an algorithm ensures that you enter a secure new password. The criteria include using at least 12 characters, avoiding frequently used words or your own user ID, and at least one uppercase and one lowercase letter, one number and one special character.

Please make sure that your new password is clearly different from the one you used before and never use the same password for services of different providers. Please also observe the regulations on the assignment and use of passwords applicable in your institution. These can be found, for example, in the respective information security guidelines.

The Federal Office for Information Security (BSI) provides further important information on password security on its website: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/sichere-passwoerter-erstellen_node.html

How do I recognise a phishing email?

The Federal Office for Information Security (BSI) provides important information on recognising phishing mails on its website: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Spam-Phishing-Co/Passwortdiebstahl-durch-Phishing/Wie-erkenne-ich-Phishing-in-E-Mails-und-auf-Webseiten/wie-erkenne-ich-phishing-in-e-mails-und-auf-webseiten_node.html