In a statement released on Monday, Algonquin College gave an update on the data breach that occurred on May 16, through a server infected with malware.
According to the college, the forensic investigation continues but so far has revealed no direct evidence that any data was actually accessed or taken in the attack.
The college also says that no financial information was accessed by the hackers such as social insurance numbers (SIN) or banking and credit card information. Health information was also not accessed in the breach.
So far, the college has identified 4,568 students and alumni who may have had more detailed information exposed such as their date of birth and home address.
The college said that those individuals were alerted via email on Monday and will also be receiving a letter in the mail informing them of the information that was accessed. The college also says that these individuals are being offered identify-theft protection from the college.
The college also says that an additional 106,931 individuals – including students, alumni, and current and former employees – had what the school called “non-sensitive information” possibly exposed. The college is in the process of contacting this second group by letter but believes that this information has a low change of misuse.
The college says it has implemented a number of new security measures that have been recommended from a third-party security adviser in order to prevent a breach like this from happening again.
“We are committed to communicating with and supporting those affected – and addressing any concerns they might have,” said Algonquin College president Cheryl Jensen. “We are also focused on reviewing and improving security measures to help us guard against similar incidents.”
The forensic investigation into this incident continues and the college has set up a toll-free number for anyone with questions or concerns (1-866-252-2644 during normal business hours). Those with concerns can also email firstname.lastname@example.org