Leiden University reports ransomware attack on internal company JobMotion – IT Professional – News

I am a student at Leiden University and have been to a subject assistant a couple of times. I am also a victim and the email I received is as follows:

December 19, 2022

Dear employee,

On Thursday, December 8, JobMotion was notified by its supplier UBplus that its payroll processing system may have become the target of a ransomware attack.

As JobMotion therefore did not have access to its own automation system, it was not possible to inform you by personal email. For this reason, a notice has been published on the Leiden University website and on the JobMotion website. Fortunately, the vendor has re-released the automation system. Accordingly, we can only inform you personally now and want to give you an update.

Notification to the Dutch Data Protection Authority

The incident was reported by JobMotion as a data breach to the Dutch data protection authority. Soon after discovering the incident, the payroll processing system vendor hired a cybercrime firm. They immediately started with search and repair work.

What could have leaked?

The salary system contains the personal data of everyone who works for Leiden University via JobMotion. Apart from more general (contact) data, it also contains sensitive information such as BSN and financial data.

Overview of potentially leaked data from flex workers:

Name, address, place of residence, telephone number, e-mail address, administration number, gender, position, date and place of birth, tax ID number, nationality, residence permit and work permit, correspondence with temporary workers, contract of temporary work (with various appendices and additions) including phase classifications, financial data, bank account number, wage agreements, withholdings and refunds, payroll statements, annual reports, payroll tax forms, signature, illness report data , marital status, permission data, login data.

Current state

The JobMotion supplier is currently in the final phase of the investigation. The final report is expected next week. The information we have received so far from the supplier gives cause for cautious optimism. But the supplier also indicates that the investigation is not yet final. At the moment we cannot rule out that the data has been made available to third parties. This is why we ask that you remain alert to identity fraud.

Salary payment

Thanks to our vendor’s input, we were able to process payroll on time and correctly this week. Next week there will be another weekly pay in addition to the monthly pay. JobMotion is happy that the ransomware attack didn’t affect the payment.

Backlog in drawing up new employment contracts

The system has not been operational for several days. In these days it was not possible to process entries with jobs from Leiden University and to conclude new employment contracts. This means that JobMotion has fallen behind. The entire JobMotion team is doing its best to catch up as quickly as possible.

What can you do yourself?

Read how you can prevent identity fraud and what to do if you become a victim.

information from the police about identity fraud
information from the central government on identity fraud

More information

JobMotion is in close contact with the supplier and Leiden University regarding the further agreement and the findings of the investigation. As soon as the survey is completed, JobMotion will inform you via email of the outcome.

If you have any questions, please contact the Leiden University helpdesk. They can be contacted via 071 – 527 88 88 (option 4) or via [email protected].

With best regards,
Teamwork Movement