Security incident February 2020

Reported to the Danish Data Protection Agency on 28 February 2020:
The University of Copenhagen has discovered a security breach which, through the plagiarism control in Absalon, has given students unintended access to their fellow students' papers in the case of matches.

The ‘Urkund’ plagiarism control is available both as an app in Absalon and in Digital Exam and also exists as an independent service. The plagiarism control analyses a submitted paper for similarities and matches with other texts and delivers a percentage result.

In Absalon, the lecturer can choose to turn on the plagiarism control when they set the students a paper for submission. The analysis results in a percentage score.

In February 2020, UCPH was informed that the Urkund plagiarism control could give students unintentional access to fellow students' papers in Absalon in the case of matches. By clicking on their score percentage, students could access matching texts via the Urkund website, which in some cases were other people's papers.

The security gap was immediately closed by the supplier. In future, access to matching texts will require the lecturer to log into the Urkund website.

It has not been possible to identify any affected persons, and the Danish Data Protection Agency has now closed the case.

If you have any questions in this regard, please feel free to contact the University of Copenhagen’s data protection officer.

Lisa Ibenfeldt Schultz
dpo@adm.ku.dk
TEL: +45 35335688