Skip to secondary navigation Skip to Catalog Search Skip to Website Search Skip to Accessibility Page Skip to Content
Open/close sidebar

Vulnerability at Leipzig University Library's IT system

On 19 April 2022, a vulnerability was discovered in an IT system at Leipzig University Library (LUL). This resulted in external access to about 70,000 records of library users. The incident has been reported to the police.

An external tip-off alerted the LUL to an IT vulnerability. This concerned a system that was temporarily used to update web applications. The LUL’s library management system was not affected. The security vulnerability existed within the period from 6 to 19 April 2022. Unauthorised access to data occurred. The data concerned included only email addresses, usernames and library card numbers. Users’ passwords were not affected.

A report has been filed with the police and the data breach reported to the Saxon Commissioner for Data Protection. The affected users were informed immediately about the vulnerability and the fact that their data may have been accessed, and warned of the possibility of future phishing or spam emails.

IT staff deactivated the system in question as soon as they were made aware of the vulnerability, then initiated further checks and security measures. Currently, the University Library is checking and revising its quality assurance with regard to software development, and its security policies. Since some of the data records concern inactive users, it will also revise the existing erasure concept. Additional steps are being put in place across the University to protect other systems.

Contact: feedback@ub.uni-leipzig.de