Rotterdam, Netherlands-based Erasmus University announced a breach a few weeks ago, but at that time it was believed not much more than student names, addresses and logins were stolen. However, yesterday further details were announced.
How many victims? 17,000 students, although this tally might climb as 270,000 webforms residing on a web server were breached.
What type of information? Nearly 5,000 forms held medical details on students, including general details as well as ailments they suffered. Students' financial details were also stored on the web forms, including bank account details and credit card information. No PIN or security codes were held on the platform.
What happened? Mystery so far surrounds this incursion as no passwords were involved in the attack and it's unknown at this point how the security of the server was bypassed.
Response: While a web page on Rotterdam University's website offers general description of the Netherlands' rules surrounding a breach, no announcement about this breach can be found on the site.
Source: The Merckle