Cyber Attack FAQ

The data was stored in KTU information systems.

The document and process management system stores data related to an employee’s employment relationship, such as: name, surname, personal identification number, residential address, marital status, educational data, telephone number, e-mail address, and license plate number of personal cars. Copies of personal documents were not stored in the DPMS (Document and Process Management System).

Leaks of this data may expose the University community to cases where, without their knowledge or consent, attempts may be made to act on their behalf, or even to impersonate an employee.

This also depends on what personal data is lost. Though treating the data as leaked, we hereby confirm that the criminals will not be able to log into KTU systems on your behalf, or try to guess whether your KTU password will work on other systems.

Please also note that even if you have a person’s personal identification number, this information is not considered as sufficient basis to perform further criminal acts on your behalf or to commit so-called “identity theft”. Most major KTU systems have two-factor authentication, so that a person can authenticate his or her identity through another channel – e.g. a person can authenticate by other means, such as SMS, link confirmation in an email, etc.

Only having your email address can increase the number of attempts to:

• obtain your login credentials (e.g. by sending phishing emails to your address, asking you to change your passwords for Microsoft, Google, Facebook (Meta), Instagram or other accounts.
• deceive you by submitting a fake courier service notification of receipt of a parcel, request or notification from a public authority, etc.
• Fraudulently induce you to click on a link to a website infected with malware.

To manage the impact of the cyber incident:

• Information Systems Service Continuity Management and attack-related Information Systems Service Recovery Teams have been established and approved by order of the Rector;
• An attack-related recovery plan has been prepared and implemented;
• Relevant law enforcement and other relevant authorities informed;
• Information systems and services are currently being restored;

The following actions have been completed to protect the data:

• Restricted access to KTU information systems and resources;
• All account passwords have been reset;
• Login security to KTU information services and resources has been enhanced;

Images of personal documents may have been stored on workstation computers. We reiterate that personal document images were not stored in an organised structure in the IT systems of KTU.

We recommend you to change all your passwords if they are the same as the ones you have used on KTU systems and use multi-factor authentication where possible (login confirmations by SMS or other email address, biometric authentication on phones, etc.).

Personal code. There is a chance that malicious people can act on your behalf. If necessary, you can use the Bank of Lithuania’s “STOP Consumer Credit” service, which helps you to avoid buying fast loans, leases or other services without your knowledge or consent.

Telephone number. You are likely to receive more unwanted text messages (SMS) and/or calls. We recommend that you remain vigilant and be critical to the information presented to you by strangers. If you have received a text message from an unknown number with a link or attached document, we recommend not opening it.

Email address. You are likely to receive more unwanted content (spam) in your email. Be especially careful with emails from strangers. We recommend you not to open any links or documents attached to such emails.

At the moment of speaking it is not possible to exactly enlist which data has been leaked. If you want to find out what personal data has been stored in the University systems, please submit a request to the University’s Data Protection Officers at: duomenu.apsauga@ktu.lt or gdpr@privacypartners.lt. Once we have contacted and identified you, we will be able to provide you with the requested information within a month after receiving your request.

Our internal investigation did not reveal that user account passwords were leaked. However, for data security reasons, we recommend you to change your passwords that match the ones  you used to log in to KTU systems.

How to change your password using an external personal email:

• On the website https://registracija.ktu.lt, select “Forgot my login details”.
• Provide the requested data in the form and you will receive an information email to your external email with a link to create a new password (it may take 5-10 minutes for the information email to arrive, so don’t be in a hurry to fill out the password change form again).
• We recommend that you change your password so that it is different from your KTU Microsoft365 environment password.

If you are unable to change your password:

• If you have previously used the e-Government Gateway for authentication and have not provided your external email address, you will first need to provide additional data.
• Log in to your KTU email in the KTU Microsoft365 environment and send the following data from your email address name.surname@ktu.lt  to registracija@ktu.lt:
  • Name, Surname;
  • Your external personal email address.

We will only be able to complete your data in the registration system if we receive your email from your assigned KTU work email address name.surname@ktu.lt – by doing so, you confirm your identity and that you are aware and understand that this data will be processed by the University for the purpose of verifying the user’s identity in the University’s IT systems.

We will send an information email to your KTU email address and you will then be able to change your password using your external personal email address as described above. You will only be able to use the KTU SSO single sign-on system to access KTU IS and IT services after updating your password.