Sunet and Uppsala University: Suspected data breach involving personal data from Studium

Uppsala University Investigates Suspected Data Breach Affecting Personal Information

Uppsala University has disclosed a suspected data breach to Sweden’s Authority for Privacy Protection (IMY), following a cyberattack on Studium, a platform used by the institution. The breach originated from a compromise of Studium’s service provider, raising concerns that personal data linked to the university may have been exposed.

The university is conducting an investigation in collaboration with its supplier, Sunet, to determine whether any data was leaked and, if so, the scope of the affected information. While Studium’s infrastructure is reportedly secure and operational, users logging in as guests have been advised to change their passwords as a precaution. Those who notice unusual activity are instructed to contact the university’s IT support.

No further details on the nature of the compromised data or the timeline of the breach have been released. Updates will be provided as the investigation progresses. The incident underscores ongoing risks to educational institutions handling sensitive personal information.

Source: https://www.uu.se/en/students/news/archive/2026-05-05-suspected-data-breach-involving-personal-data-from-studium

Sunet TPRM report: https://www.rankiteo.com/company/sunet

Uppsala University TPRM report: https://www.rankiteo.com/company/uppsala-university

"id": "sunupp1778006932",
"linkid": "sunet, uppsala-university",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education',
                        'location': 'Sweden',
                        'name': 'Uppsala University',
                        'type': 'Educational Institution'},
                       {'industry': 'Technology',
                        'location': 'Sweden',
                        'name': 'Sunet',
                        'type': 'Service Provider'}],
 'customer_advisories': 'Password change advisory for guest users; IT support '
                        'contact for unusual activity',
 'data_breach': {'personally_identifiable_information': 'Possible',
                 'sensitivity_of_data': 'High (personal data)',
                 'type_of_data_compromised': 'Personal information'},
 'description': 'Uppsala University has disclosed a suspected data breach to '
                'Sweden’s Authority for Privacy Protection (IMY), following a '
                'cyberattack on Studium, a platform used by the institution. '
                'The breach originated from a compromise of Studium’s service '
                'provider, raising concerns that personal data linked to the '
                'university may have been exposed.',
 'impact': {'data_compromised': 'Personal data',
            'identity_theft_risk': 'Possible',
            'systems_affected': 'Studium platform'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Uppsala University Disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to Sweden’s '
                                                       'Authority for Privacy '
                                                       'Protection (IMY)'},
 'response': {'communication_strategy': 'User advisories and IT support '
                                        'contact',
              'containment_measures': 'Password reset advisory for guest users',
              'third_party_assistance': 'Sunet'},
 'title': 'Uppsala University Suspected Data Breach',
 'type': 'Data Breach'}