The University of Winnipeg said Thursday the individuals behind a cyberattack discovered last week likely “stole information” from current and former students and employees dating back more than 20 years.
The university disclosed on March 24 that a cyber incident targeted the school’s network, which led to the school delaying exams, cancelling classes and taking down internet services.
“We have now confirmed that data from a university file server has been stolen and that the stolen information likely includes the personal information of current and former students and employees,” the university said in an update posted to its website.
The information is believed to include bank account information for current and former employees who have worked for the university since 2015, as well as social insurance numbers, compensation information, names and phone numbers of all current and former employees since 2003.
Personal information of all students enrolled in University of Winnipeg undergraduate and graduate programs since the September 2018 academic year, along with students enrolled in Professional, Applied and Continuing Education (PACE) and English Language Program (ELP) programs since September 2019, is also believed to have been stolen. The server also contained the names, street addresses and funding amounts of all students who were issued T4A tax forms by the university since 2016, according to the update.
Domestic students enrolled since those dates are also believed to have their social insurance numbers exposed, the school said.
The university said it will provide all those affected by the cyberattack with a two-year credit monitoring service that will allow those people to check for signs of identity fraud. Codes and instructions on how to enrol in the service will be emailed directly to students and employees impacted.
The school added it continues to investigate the incident and whether anyone else may be affected, and will provide more information when it’s available. The investigation could take “months,” it said. Law enforcement and the Manitoba Ombudsman have also been contacted.
“This has been a terrible incident that has directly impacted our community, and for that we are deeply sorry,” the university said.
Global News has asked the Canadian Centre for Cyber Security if it is aware of the incident and if it is advising the university on next steps.