Simon Fraser University says it has suffered a data breach that could potentially affect thousands of people.
The school said Monday it had been the target of a ransomware attack, and that the breach affects “faculty, staff, students, alumni, and retirees who joined the University prior to June 20, 2019.”
The school says student and employee numbers, names, birthdates, external email addresses, mail list memberships, course enrollments and encrypted passwords were exposed.
It was not immediately clear exactly how many people were affected.
“The university deeply regrets this incident, we are working diligently to contain the situation and are committed to helping mitigate the potential risks and harm to our faculty, staff, students, alumni, and retirees,” said SFU in a statement.
The school is asking students and staff to change their passwords immediately.
SFU said it does not appear that any SFU Computing accounts were compromised. It added that it has directly notified people who have been affected.
Dominic Vogel, founder of Port Coquitlam cybersecurity firm Cyber SC said he gave SFU “top marks” for its response to the breach.
He said the email the university sent to students was comprehensive in revealing what data was affected and actions for students and staff to take.
He said it was also good news that the affected data didn’t include things like social insurance numbers, but the birthday and email information could be used by hackers looking to trick people into revealing more information.
According to the university, the ransomware attack “found a weakness in the way the information was handled.”
SFU says the data was exposed on Feb. 27, and the school identified and corrected the issue the following day. It is also reporting the breach to B.C.’s Office of the Information and Privacy Commissioner.”
The university says staff are available to assist anyone who was affected to mitigate potential harm.
It says it is still investigating the cause and extent of the data breach, along with potentially associated risks.
The school says it is also reviewing its policies, procedures and security in the wake of the breach.