Cyber Incident Victim: Universidade do Algarve

The University of Algarve (UAlg) experienced a cyberattack targeting its academic management system between November 14 and 19, 2024. Hackers infiltrated the system during this period, exfiltrating personal data belonging to applicants, students, and staff members. The compromised information included names, email addresses, telephone contacts, and, in some cases, IBAN bank account numbers. The university confirmed the breach after detecting unauthorized access but maintained regular academic and research activities throughout the incident without interruption. On November 19, UAlg terminated the attack by deploying a software update to secure the compromised system. The institution immediately notified affected individuals through direct communication, specifying which personal data had been stolen and advising on protective measures to mitigate potential misuse.

UAlg reported the incident to Portuguese authorities upon discovery, including the National Cybersecurity Centre (CNCS), the Data Protection Commission (CNPD), and the Judicial Police’s Cybercrime and Technological Crime Unit (UNC3T). Investigations by these entities are ongoing to determine the attack’s origin and full scope. In public statements, the university expressed regret for the incident and its potential consequences, emphasizing its historical commitment to information security. UAlg acknowledged the need to reinforce its cybersecurity protocols and affirmed its intent to maintain and improve safeguards for its academic community’s data. No operational disruptions to university functions occurred beyond the data breach, and no ransomware or financial demands were mentioned in available reports.