Staff members’ personal data was temporarily accessible to colleagues
Following the migration of expense claim data from SAP to BAS Insite, the personal data of staff who submitted expense claims in the past years was temporarily searchable for university staff for a few hours on 5 January. After Mare notified the ISSC, the breach was resolved that same afternoon; that was our priority. We regret that the personal data was temporarily accessible to all staff.
Staff from the Privacy Office are investigating whether data was accessed and, if so, by whom. They are also assessing the risk that the breach entailed. We will provide more information as soon as we know more. We will also evaluate how this could happen despite careful preparations and testing.
If you have any questions, please contact the Privacy Office.