Personal data have been leaked after a malicious attack on the Open University of Cyprus (OUC), with the "MEDUSA" ransomware group now demanding ransom to delete the data, otherwise it will publish it online.
An announcement by the OUC on Wednesday says that on March 27th the Information Technology Services of the OUC detected a malicious attack on the University's file server, in which the University stores and processes various data, by the "MEDUSA" ransomware group, with the group now demanding ransom to delete the data, otherwise it will publish it online.
As a result of the cyberattack, sensitive personal data relating to students, alumni, academic and professional staff and/or partners have been leaked.
The attack resulted in several central University services and critical systems going offline as a precaution measure. The University has so far restored access to its website and eLearning Platform. From day 1 of the cyberattack, the University has notified the Digital Security Authority (DSA), the academic CSIRT and the Combating Cybercrime Department of the Cyprus Police to undertake the relevant investigations. The Commissioner for Personal Data Protection has also been notified about the cyberattack.
At the same time, the University's Information Technology Service together with a number of external partners are working closely to restore all disrupted operations by taking additional technical and organizational measures to mitigate all risks and repair all vulnerabilities, it is added.
"The Open University of Cyprus calls on all the members of its academic community who could be affected to be particularly cautious and suspicious of any electronic or other communications from strangers, as well as their electronic transactions", OUC says in its statement, adding that "the University is committed to continue its efforts to safely restore all its central services and critical systems, and that it will make every effort to protect the (personal) data it processes for its operations".