Security breach

Yesterday, Wednesday 18th of January at 16:50, a notification came from Cert-IS, the Icelandic government's cyber security team, that malicious parties may have gained a foothold on one of the University's servers.

Responders were immediately notified, and an investigation began along with measures to try to limit damage.

As a result, actions were taken to try to stop the malicious parties. One of the actions was to increase the level of security on the school's computer systems, and users must now use the two-factor authentication on campus.

Further investigation revealed these malicious parties managed to copy all user information, including username, password, social security number and mobile phone numbers.

Because of this, it is best for users to change passwords on HA computer systems as soon as possible. Furthermore, we recommend that users use an authentication app rather than the SMS way.

We would also like to point out to our users that they should be careful when they receive SMS messages, not to click on the links in them and not to give out the numbers in them to other people, but to type them in for login in the cases where they requested it.

As we are still investigating the matter and due to the increased level of security, there are many things that are not working as intended in our systems today and we apologize for that.

The incident has been reported to Persónuvernd and registered on the UNAK Status page, status.unak.is, and it will be possible to follow the progress of the case there.