The National Cyber Security Directorate (DNSC), notified by officials of the University of Medicine and Pharmacy „Carol Davila” after the institution’s Facebook page was targeted in a cyber attack, announces that it does not have regulatory/control responsibilities over this social media platform. At the same time, DNSC recommends notifying the ANPC.
The University of Medicine and Pharmacy „Carol Davila” in Bucharest announced on Thursday that the official Facebook page of the institution was compromised following a cyber attack, and the competent authorities were informed. „The content recently posted on this platform is tainted and does not reflect the values and messages of our institution,” university representatives conveyed after indecent images appeared on the page.
UMF "Carol Davila" notified the National Cyber Security Directorate. However, DNSC responded that it does not have regulatory or control responsibilities over Facebook and guided the university representatives in the account recovery process.
"Following the assistance request, DNSC contacted the representatives of the University 'Carol Davila' to help identify and implement the necessary measures for the recovery of the compromised account. Our team of experts provided support to the university to initiate the necessary reporting procedures to Meta, the administrator of Facebook, for the recovery of the university's account.
Additionally, DNSC recommended that, in parallel, the University should also notify the National Authority for Consumer Protection. Meta has control and can directly intervene in verifying compliance with Facebook platform policies and procedures, and the University 'Carol Davila', as the holder of the compromised account, is the institution entitled to request assistance in its recovery," stated in a DNSC press release quoted by News.ro.
Officials of this institution mention that "the process of recovering the University 'Carol Davila' account depends on how the incident is reported and the assistance provided by Facebook's technical team."
"To deter these malicious activities, we recommend the University of Medicine and Pharmacy 'Carol Davila' to assign a person from the IT and Cybersecurity department to secure the social media accounts and the institution's official website. Additionally, we recommend using multi-factor authentication (MFA) and implementing measures to manage the university's account only from approved devices with appropriate security policies," specified the Directorate for Cyber Security.
Representatives of the institution point out that on the official website www.dnsc.ro, in the Awareness section, there is a Guide for protecting and recovering social media accounts, which provides practical information on how to act when accounts on social networks are compromised.
"It is the responsibility of each institution and individual to ensure the security of their own social media accounts and the official website to protect information and prevent security incidents," DNSC specifies.