SFU hit by ransomware attack, resulting in data breach

    1 of 1 2 of 1

      A Metro Vancouver university has sent out an alert that a data breach has taken place at the institution.

      Simon Fraser University (SFU) states on its website that a privacy breach was identified on February 28.

      Those affected include any faculty, staff, students, alumni, and retirees who joined the university before June 20, 2019.

      A letter issued today (March 2) from SFU chief information officer Mark Roman states that anyone affected should change their password.

      “While it does not appear that any SFU Computing accounts have been compromised, changing your password now will significantly mitigate that risk,” Roman states.

      Roman explains that a ransomware attack found a weakness in their information system on February 27 but was corrected on February 28.

      Information that was exposed includes SFU Computing IDs; SFU student or employee ID numbers; first, last, and preferred names; birthdates; employee groups; mail list memberships; course enrollment; external email addresses; web form data; and encrypted passwords.

      The potential risks of the breach are identity theft, additional personal information being discovered by linking exposed information with other information sources, and unsolicited bulk or commercial email.

      SFU is taking action to reduce or control the potential harm from this breach and to prevent future incidents, including notifying and assisting affected individuals about the data breach; investigating the cause and extent of the data breach and taking any necessary further action; evaluating the risks and responding to them; and reviewing and changing physical, procedural, technical security measures, and internal operating policies and procedures.

      The school is also reporting this privacy breach to B.C.'s Office of the Information and Privacy Commissioner.

      SFU IT Services posted a message today (March 2) that they are experiencing higher than normal traffic to the SFU Computing ID password reset webpage. As a result, the page may be unavailable.

      You can follow Craig Takeuchi on Twitter at @cinecraig or on Facebook