This is a breach of personal data security, and as the data controller, we have reported the incident to the Norwegian Data Protection Authority.
UiO assesses the risk to those affected by the breach as low, but we still want to inform our employees about the incident.
DF? is the service provider for UiO's payroll and accounting system. DF? has had a breach of personal data security in the "DF? Insight" service. This resulted in managers and authorized users at nine other universities who also use DF?'s system could access personal information about UiO's employees, contractors, and others with employment-like affiliations.
When DF? became aware of the error, the service was shut down. An investigation of logs indicated that no data was exported or retrieved from the service during the short period the information was accessible.
Noting indicates that our staff personal information has been misused.
The University of Oslo will follow up with our service provider DF? to ensure that similar deviations do not occur again.