Dutch University Exposes Personal Data for Nearly a Year via Power BI Tool

First seen 2 Jul 2026, 22:50 UTC. Sources: Cybernews, Teiss.

Avans University of Applied Sciences revealed a yearlong exposure of sensitive personal data through its internal management reporting tool, AMIGO, built on Microsoft Power BI. The breach originated from a configuration change on June 30, 2025, allowing unauthorized access to data traceable to individuals. The issue was discovered by an employee on June 8, 2026, prompting immediate action to close the vulnerability and notify affected individuals. The university reported the incident to the Dutch data protection authority and has initiated an internal investigation to understand why the exposure went undetected for so long. While the university has not disclosed the specific types of personal data exposed, it confirmed that the data was sensitive in nature. Avans maintains that there is no evidence of data misuse and that the incident was not the result of a cyberattack. The responsibility for securing the data lies with the university, despite Microsoft owning the Power BI platform.

Key Points:
• Avans University exposed sensitive personal data for nearly a year due to a configuration error.
• The breach was discovered by an employee on June 8, 2026, after going unnoticed since June 30, 2025.
• The university has launched an investigation and reported the incident to national privacy regulators.

Timeline

2025-06-30: Configuration change leads to data exposure
A change in the Microsoft environment allowed unauthorized access to sensitive personal data in the AMIGO tool. (Source: Teiss)

2026-06-08: Data exposure discovered
An Avans employee flagged the unauthorized access to personal data, prompting immediate action. (Source: Teiss)

2026-06-30: Affected individuals notified
The university notified all individuals whose data was exposed, explaining the types of personal data involved. (Source: Teiss)

2026-07-02: Incident reported to data protection authority
Avans University reported the data breach to the Dutch data protection authority following the discovery. (Source: Cybernews)