Data breach discovered at the KNAW

On 24 November, the Royal Netherlands Academy of Arts and Sciences (KNAW) discovered a data breach caused by a phishing email. From 17 November onwards, a hacker had access to the mailbox of a KNAW employee and used that account to send phishing emails to contacts listed in it. 

What data may have been leaked?  

The unauthorised access resulted in the leakage of at least the email addresses of KNAW employees and other parties involved. Other personal data, such as first and last names and possibly telephone numbers, may also have been leaked. Criminals can misuse these data to make their phishing messages more credible.

Suspicious emails 

Criminals may send emails that appear to be from a KNAW employee – or even from you. These messages often seem personal and sometimes contain an attachment asking you to log in or click on a link. Do not click on this link, and certainly do not log in. 

Actions by the KNAW

The hacker's access was blocked immediately after the data breach was discovered. Additional security measures have also been taken. The KNAW is currently investigating the extent of the data breach and what steps are needed to prevent a recurrence in the future.

What you can do yourself 

Be extra careful when opening links or attachments in emails, text messages, and app messages.  

You can recognise suspicious messages by, for example: 

• Typos or unusual wording
• Unknown senders
• Email addresses that are slightly different from what you are used to
• Always check the part after the @ sign (the domain name), such as “@knaw.nl” or "@nioo.knaw.nl". If it doesn't look right, the email is probably not trustworthy

Do not respond to the email directly, but call the sender, if possible, to check whether the message really came from that person. 

Questions? 

Do you have any questions? Please contact us at privacy@knaw.nl.