We are writing to you with a message that we consider IMPORTANT and which you can consult here.
We have detected (and have already blocked) unusual access to our systems from suspicious IPs that has accessed 0.65% of all the data kept by our institution. Despite this, the School is fully operational and with all services fully guaranteed. Although the amount of data accessed is very small in relation to the total amount of data, we have taken all necessary measures to stop this incident at its root and prevent it from happening again in the future.
Specifically, our systems administrator has activated the contingency protocol and we have created a monitoring committee made up of the General Directorate, Management, the IT director, the Data Protection officer, and legal advice. The commission has been and continues to be in permanent contact with Deloitte Cybersecurity (Cyber Emergency Management - First Response), the company in charge of providing us with assistance in incidents of this nature.
Likewise, the commission, on a preventive basis, has activated the cyber risk policy that the organization has contracted with the insurer HISCOX. We have also given notice of the incident and are in contact with all competent bodies and experts in the field, including the State Agency for Data Protection (AEDP), the Catalan Cybersecurity Agency, and the National Cybersecurity Institute (INCIBE).
Given all the foregoing, and following the provisions of current regulations and our code of action, we wish to inform our community that this action has potentially been able to access basic data, identification and contact data, and information about the products and services contracted. There is no evidence that such data has been exploited. Despite this, we continue working to prevent these situations from recurring in the future, no matter how little impact they may have.
If you have any questions or need any clarification, you can contact us through the following email: IT Security UPF-BSM firstname.lastname@example.org
We would like to take this opportunity to share with you our latest guidance notice on computer security, which can help you both personally and professionally:
Be wary of emails with strange content, unknown senders, and which contain links or attachments.
How do you identify malicious emails?
In the event that you receive a suspicious email, do not click on its contents and notify IT Support: email@example.com
Always save documents in corporate spaces: SharePoint, OneDrive or to network drives O: and S:.
If you save documents on your computer's hard drive, a hardware or software failure, or a "ransomware" attack could make them permanently unusable. Corporate spaces are protected by recovery systems that allow them to be restored in the event of loss.
If you need help to locate your documents in corporate spaces, contact IT Support: firstname.lastname@example.org