Update 13 February 2024 at 13:30:
7,873 students or employees at UiO are affected by the error in Feide.
The service providers received information about the national identity numbers of users who logged in during this time period, in addition to other information that the providers receive upon log-in according to prior agreement.
During the specified time period, a total of 595,000 people had their national identity numbers shared without agreement; 15,019 of these are employees or students at UiO.
Sikt, which supplies Feide, emphasises that the national identity numbers have not been openly available online.
Not openly available online
The national identity numbers in questions were sent directly to specific systems and were never openly available online or to anyone other than the receiving systems.
Not all systems received the data, so the number of users who have actually had their national identity numbers saved is 20,684. Many of the suppliers have already deleted the information.
Sikt has full overview of people, host organisations, and suppliers that are affected by the error. They are in contact with all suppliers who may have received the national identity numbers and will ensure that the data is deleted.
Who might have seen the national identity numbers?
Only certain employees at the service providers may have seen the national identity numbers, and they are used to handling personal data in the correct way.
UiO considers it unlikely that the national identity numbers will be misused by the service providers.
Do I have to take action?
The national identity number in itself is not considered sensitive information.
UiO has no reason to believe that your information has been misused and considers it unlikely that it will be exploited.
You do not need to do anything actively, but in similar incidents the Norwegian Data Protection Authority has recommended that those affected be aware of unusual actions related to insurance, banking, or credit cards. Also keep an eye on whether credit checks are carried out that you are not aware of, or if you receive e-mails out of the ordinary.
UiO has notified the Norwegian Data Protection Authority about the incident.
Sikt will continuously update the following website re. this case:
https://www.feide.no/nyhet/enkelte-tjenester-har-fatt-utdelt-fodselsnumre-uten-avtale (feide.no – Norwegian only)