Business

Cyber ​​attack on the University of Warsaw. Thousands of files with personal data on the dark web

Photo of Ashley Davis Ashley Davis21/04/2026
0 40 4 minutes read

Okay. 200 thousand files obtained as a result of the cyber attack on the University of Warsaw were published on the darknet on the night of April 15-16. Okay. 32.8 thousand files could contain personal data, including: employees, students and study candidates, the university confirmed on Tuesday. She assured that, among others, she is cooperating in this matter. with CERT Polska and the Central Office for Combating Cybercrime.

Cyber ​​attack on the University of Warsaw. Thousands of files with personal data on the dark web
photo: Wlodzimierz Wasyluk / Forum / / FORUM

“The notification is addressed to members of the academic community of the University of Warsaw, including students, doctoral students, study candidates, employees, as well as persons cooperating with the University, whose personal data may have been affected by the incident that occurred on the night of April 15/16, 2026.” – indicated in Tuesday's announcement published on the University of Warsaw website, referring to the obligations arising from the GDPR.

They logged in with the correct password and stole thousands of files

The university assured that it immediately took action to limit the effects of the incident and better secure data for the future. “We are constantly analyzing the situation and doing everything possible to prevent similar incidents from happening again. At the same time, the University of Warsaw reported the breach to the President of the Personal Data Protection Office and active cooperation is being carried out with CERT Polska and the Central Office for Combating Cybercrime (CBZC),” we read in the announcement.

As explained, the personal data protection breach occurred as a result of unauthorized access to the University of Warsaw's IT systems. An unauthorized person logged in to the system using correct access data (login and password), which had been previously taken over – most likely as a result of malware operating on the user's device.

By using the correct login details, this activity remained unsuspicious for a long time. The people responsible for the attack acted in a dispersed manner and were difficult to detect, gradually gaining access to subsequent elements of the system, it was emphasized.

50 GB of data and ID numbers in the hands of cybercriminals

During the incident, confidentiality was breached, i.e. unauthorized access to personal data, copying them and then making them available on the Internet. “Potential data modification cannot be completely ruled out. However, there was no permanent blocking of access to data (encryption) or disruption of the operation of key university systems,” it was noted.

According to the University of Warsaw, the incident was detected on February 9 this year, and after its detection, protective measures were taken immediately. The analyzes conducted show that the data could have been copied in the period from January to February 2026, and their publication on the dark web took place on the night of April 15/16, 2026.

“During the analysis, it was determined that the data set published on the dark web included a very large number of files (approx. 200,000, size: 850 GB),” the release said.

As reported, the vast majority of files with personal data come from two faculties of the University of Warsaw – Modern Languages ​​and Applied Social Sciences and Resocialization. Some of them (approx. 650 GB) were public audiovisual materials.

“At the same time, part of the collection (approx. 200 GB) contained various types of data, including personal data. Of these, approximately 32.8 thousand files could contain personal data,” the university reported.

As we read, the event may have concerned in particular: UW employees, students, study candidates, doctoral students, former employees and collaborators, and other people associated with the university's activities.

PESEL numbers and account numbers could have been found online

The scope of personal data varied and, depending on the case, could include, among others: identification data, including specific types (e.g. name and surname, date of birth, gender, citizenship, PESEL number, ID document number and series, passport number), contact details (e.g. residential address, e-mail address, telephone number, username), financial and tax data (e.g. bank account number, data from tax documents), employment-related data (e.g. contracts, employment history).

“At this stage, we cannot clearly confirm whether and which specific persons' data were affected by the incident. The analysis of the incident is still ongoing,” the University of Warsaw said. “It is not certain whether your data was used, but we recommend that you remain particularly vigilant and take actions that will limit the potential consequences of the event,” the university said.

As noted in the announcement, due to the nature of the incident and the scope of data that may have been affected, there is a high risk of violating the rights and freedoms of data subjects. Potential consequences (depending on the scope of data) may include, but are not limited to: loss of control over data and privacy, identity theft and data exploitation.

What to do if you are on the injured list?

Among the recommended countermeasures, the University of Warsaw listed, among others:

  • securing identity and financial data by e.g. blocking the PESEL number,
  • monitoring credit activity by creating an account in credit and business information systems (e.g. BIK, BIG, KRD, ERIF) and activating alerts about attempts to use data;
  • securing access to accounts and services by changing passwords for e-mail, banking, university systems and other services – passwords should be unique for each account.

It is also recommended to be careful in contacts and communication, and to limit the availability of data in public spaces.

“If you learn about the use of your data by an unauthorized person or notice any disturbing signals, please provide this information as soon as possible and take appropriate actions, including contacting the appropriate institutions,” we read in the university's announcement.

The University of Warsaw also encouraged people to regularly follow the announcements on its website. (PAP)

ekr/ agt/

Photo of Ashley Davis Ashley Davis21/04/2026
0 40 4 minutes read
Photo of Ashley Davis

Ashley Davis

I’m Ashley Davis as an editor, I’m committed to upholding the highest standards of integrity and accuracy in every piece we publish. My work is driven by curiosity, a passion for truth, and a belief that journalism plays a crucial role in shaping public discourse. I strive to tell stories that not only inform but also inspire action and conversation.

Related Articles

From “Krypto-Pórnik” to a company valued at over $ 75 billion. Coreweave's debut is the best this year

28/06/2025

Lavrov: We will transfer a document with the conditions of the peace agreement Ukraine

23/05/2025

Leaders Forum in Davos. Polish business and politics on the world stage

23/01/2026

Bank profits are already in the billions. They are impressive, but there is visible regression

05/05/2026

Leave a Reply

Your email address will not be published. Required fields are marked *

2022 © Automatic RSS News Aggregator KNews.Media. Company Name: KNEWS Media Group LLC Address: 160 Broadway, New York, NY 10038 United States
Back to top button