FAQs on the publication of data

[As of: 19 January 2023] After the cyberattack on UDE, the criminal group responsible for it published data on the darknet. Here you will find answers to frequently asked questions.

Who is Danny – stock.adobe.com

What happened?

In the attack on 27 November 2022, cyber criminals had penetrated the University’s internal network, encrypted large parts of its data and systems and unfortunately also captured data. This data was published by the criminal group on the so-called darknet on 15/16 January 2023.

The university shut down its IT infrastructure after the attack at the end of November, informed the relevant security authorities and filed charges. The central point of contact for cybercrime for North Rhine-Westphalia (Zentral- und Ansprechstelle Cybercrime Nordrhein-Westfalen;ZAC NRW), part of the public prosecution office in Cologne, has been leading the investigation since then.

Where was the data published?

The data was published by the criminal group on the darknet. The darknet is a hidden part of the Internet. It cannot be found via conventional methods (e.g. Google searches) and users of it navigate anonymously. It is used as a hub by criminals.

Can I check the darknet myself to see if any of my data has been published?

IT experts strongly advise against this, as malware could also be hidden in the stored files, which common virus scanners may not detect. If you are active on the darknet, you run the risk that you make yourself liable to prosecution.

Am I affected?

If your data has been affected by the cyberattack on the University of Duisburg-Essen, you will be notified. If you do not receive a notification within the next few weeks, you may assume that you are not affected.

You can still check whether your personal access data has been published via these portals recommended by the Federal Office for Information Security (BSI):

HPI Identity Leak Checker (German): response by email

haveibeenpwned.com (English): response directly in the browser

What do I do if I am affected?

Immediately change the password of the affected user account and check whether you have used the affected password for other accounts. The longer the access data published on the darknet remains unchanged, the more third parties can use them for their own purposes.

Criminals often use data published on the darknet to make online purchases or conclude contracts in the name of others. If you have been informed that your data has been affected, please immediately follow the recommendations issued by the Federal Office for Information Security (BSI):


Can my data be removed from the darknet?

Only by the criminal organisation itself. There are no supervisory authorities on the darknet or individuals legally responsible for its content, as is the case on the Internet. Moreover, its servers are usually not run from Europe. Accordingly, it is difficult for law enforcement authorities to intervene in the darknet and delete uploaded data. There are rare, exceptional cases where the police have shut down illegal systems. It is therefore essential that those affected change passwords and other data that have been published as quickly as possible.

How will my data be protected in the future?

We can assure you that all our security measures are based on the standards of the BSI and the BSI’s IT-Grundschutz methodology. In the future, we will further strengthen our IT security measures with the help of external experts.

Unfortunately, there is no such thing as 100% protection against cyberattacks, as criminal groups are extremely professional and constantly adapt their tactics to new security measures.

How can I protect myself?

Make sure that you only use secure passwords and do not use one password for several services.

The BSI provides information on secure passwords here:


I have further questions: who can I contact?

As soon as we have further information, this FAQ list will be updated.