19 December 2022

JobMotion's payroll processing system may have been targeted by a ransomware attack. This system contains personal data of everyone working for Leiden University through Jobmotion. Besides more general (contact) data, it also contains sensitive data such as BSN and financial data. The potentially leaked data includes name, address, place of residence, phone number, e-mail address, contact person and billing details.

The incident was reported by JobMotion as a data breach to the Personal Data Authority. Immediately after discovering the incident, the supplier of the payroll processing system hired a specialised cybercrime company, which immediately started investigative and remedial work.

The investigation into the facts is in its final stages. We expect the final report next week. The information we have received from the vendor so far gives cause for cautious optimism. But the supplier also indicates that the investigation is not yet final. So at this point, we cannot rule out the possibility that data has become available to third parties. We therefore ask our employees to remain alert to identity fraud. If you want to know what you can do yourself check out:

• information from the police about identity fraud
• information from the national government about identity fraud

Salary payment

This week, student salaries were processed on time and correctly. Next week there will again be weekly pay as well as monthly pay.

More information

JobMotion is in close contact with the supplier and Leiden University regarding further proceedings and the results of the study. As soon as the study is completed, we will post an update and those affected will be informed personally by e-mail. 

Should you have any further questions, please contact Leiden University's helpdesk. They can be reached via 071 - 527 88 88 (option 4) or via helpdesk@issc.leidenuniv.nl.