During the night between 16 and 17 January 2019 a break-in was committed at Cphbusiness, and a number of employees' computers containing personal data were stolen.
Cphbusiness has reported the data breach to the Danish Data Protection Agency.
Secure and non-secure data
Personal data in all systems and programs installed on the stolen computers is safe as the data is covered by Cphbusiness' technical and organizational security measures.
However, personal data stored locally on the machines is not guaranteed to the same extent. Cphbusiness has guidelines for working with personal data, which states that it is not allowed to store personal data locally.
However, this was the case with some of the stolen computers. On these computers a limited number of files containing personal information were stored locally. These files contained personal information about students and applicants in the form of: name, date of birth, in a few cases CPR numbers, in a few cases information about unemployment, enrollment information, elective course assignment, diplomas and CV information.
Not possible to determine extent
Cphbusiness finds this to be a very serious incident, and we will initiate additional technical and organizational security measures so that this cannot happen again.
Unfortunately, it is not possible for Cphbusiness to determine precisely who or how many are covered by the data breach, and therefore also not possible for Cphbusiness to contact the affected parties directly.
If you have any questions about the processing of personal data on Cphbusiness, you are welcome to write to firstname.lastname@example.org or contact data protection consultant Flemming Rasmussen directly on telephone 20 60 19 42 or email@example.com.