Apparently the perpetrators of the attack on the IESE business school have been the group La Nueve (Anonymous), this group claims to have compromised around 42 millions of emails and around 300.000 personal data.
The school itself admitted that its web servers had been victims of continuous cyberattacks and that there had been unauthorized access to its clients' data.
The institution acknowledged that the attack would have affected the IESE Publishing website, which distributes the teaching material of the business school, and also its knowledge portal IESE Insight.
Apparently the hackers reported that the data theft was made possible thanks to a vulnerability in the center's servers. “Trabajar con servidores bajo Windows XP y ASPNET es una osadía”, dijeron. El propio IESE reconoció que la primera hipótesis con la que están trabajando es que la brecha se ha producido en la web de IESE Publishing, que está alojada en un servidor antiguo, y que desde allí han podido acceder a distintas bases de datos.
Como consecuencia de esta incidencia el departamento de tecnologías de la información del IESE ha decidido apagar los sistemas más críticos y cambiar las contraseñas más sensibles. También ha informado por correo electrónico a sus antiguos alumnos y clientes sobre el ataque. As a protective measure, the access passwords of our former students and IESE Publishing clients have been deactivated. From now on, any student will have to change their passwords to access IESE services.
Eduardo Díaz del Río, who is the data protection officer, stated that he is aware of the importance of safeguarding the data of their clients, students, employees and collaborators, 'and for this we apologize'. We are putting all means in place to minimize its impact.