Theft of personal data of students and alumni
The Complutense University of Madrid has been the victim of a cyber attack that has compromised the security of the personal data of students and alumni who carried out work placements in companies. This incident has resulted in the leak of sensitive information, such as full names, addresses, dates of birth, IDs, emails and degrees obtained.
The University has informed those affected that part of the documentation proving this data has also been compromised. The attack was carried out through an email sent at noon this Friday.
Scope of the cyber attack
According to information obtained, the leak has potentially affected all or a large part of the Complutense labor internship application database. This includes former students who interned years ago, indicating the magnitude of the incident.
Although there is no record of which students or alumni have been directly affected, the University estimates that around 70,000 students enroll at the Complutense each year, making it one of the largest universities in Spain. Furthermore, internships in companies are common in many study plans, which implies that a considerable number of students could be involved.
Actions taken by the University
The Complutense University has set up a special website to inform those affected about the incident and has created an email address dedicated to resolving doubts related to the cyberattack. In addition, you have reported the incident to the National Police and have informed the Spanish Data Protection Agency.
The University recommends that those affected change their passwords as an additional security measure, although there is no evidence that the passwords have been compromised. The importance of extreme caution when receiving electronic communications from third parties is also highlighted, since the stolen data could be used to impersonate or carry out scams.
Safety recommendations
Cybersecurity experts advise those affected by these types of leaks to take additional precautions when contacted by third parties through electronic means. It is important to verify the identity of senders and be alert to possible phishing attempts or scams.
If you have provided bank details or other relevant information to possible cyber-fraudsters, it is recommended to immediately report the incident to the bank and report it to the Police. In addition, you can contact the National Cybersecurity Institute through the toll-free number 017 or the WhatsApp telephone number 900 116 117 to resolve security questions.
The Complutense University regrets what happened and recognizes that, despite the efforts made to prevent this type of incident, the cyberattack has shown that more work is required in terms of security.