Personal information of thousands, including SINs and bank info, likely exposed in cyberattack: U of Winnipeg - Action News


Personal data from potentially thousands of students and staff was stolen during a cyberattack late last month, the University of Winnipeg says.

Leak of information in March cyberattack could affect all students enrolled since 2018, staff since 2003

The cyberattack that temporarily shut down the University of Winnipeg means it's likely students and former and current school employees have had their names, social insurance numbers, birth dates and bank information exposed to the attackers, the university says. (Darren Bernhardt/CBC)

Personal data from potentially thousands of students and staff was stolen in a cyberattack late last month, the University of Winnipeg says.

The names, social insurance numbers, birth dates and addresses of former and current students and school employees have likely been exposed to the attackers, the university said in a Thursday news release.

The bank account information of anyone employed by the university since 2015 is also part of the potential exposure.

"We're talking about personal financial information going back, I think in some cases, even 20 years," said Peter Miller, president of the University of Winnipeg Faculty Association.

"It's clearly highly serious. It's a lot of data, specific data, that can be used in a lot of nefarious ways."

The leak potentially affects all graduate and undergraduate students enrolled since the fall of 2018, those enrolled in professional, applied and continued education and English-language programs since September 2019, as well as students who were issued T4A forms by the U of W since 2016, the university said.

All current employees and all former employees since 2003 are also likely affected.


The phone numbers of staff and compensation information were also part of the leaked data, the university said.

"I'm disturbed," said Karen Froman, assistant professor in the school's history department. "A lot of personal information has been leaked. So I'm very concerned about this, not only for myself but, you know, for the students as well."

Students might have also had their fees and tuition amounts, gender and marital status information, and student numbers stolen by the attackers, the university said.

"Immediately, I reached out to my parents and was like, what do I do?" said Elysse Paterson, a classics major.

"If people can take everything from me I mean, I don't have much to give. But there's a lot of personal information, and I just don't know how to cope with this."

Himanshu Gill, a business administration student, said he feels powerless knowing that bad actors may have their hands on his personal data.

"They can exploit us in the near future," he said. "So yeah, it's a little bit concerning."

Investigation could take months, school says

The U of W said it's still investigating whether other people have been affected by the attack, which was detected on March 24, but has "now confirmed that data from a university file server has been stolen and that the stolen information likely includes the personal information of current and former students and employees," the university's news release said.

It's believed the theft likely occurred the week before it was discovered.

The university pushed back its exam period and move-out date for students living on campus in the week following the detection, which led to the shutdown of some of its critical systems.

Marc Perreault, senior manager of security assurance at Mozilla, said all the information has probably been put up for sale on the dark web already. (Tammy54/Shutterstock)

"We're also scrambling of course to finish the term and deal with the continuing ramifications of the cyberattack's kind of freezing of some technology on campus," Miller said. "So it's definitely a kind of whirlwind of bad things all at once."

The probe into the attack could take months, the university says. Law enforcement and the Manitoba Ombudsman office have been notified.

The university says it's providing anyone who was likely affected by the attack with two-year credit monitoring so they're better protected against identity fraud. Instructions will be sent out in the coming days.

Marc Perreault, senior manager of security assurance at Mozilla, said all the information has probably already been put up for sale on the dark web.

He said all it takes is one flaw in an organization's cybersecurity protocols for attackers to gain a foothold into a system.

"At the end of the day, you know, it would be hard to believe if the university was negligent and that was the cause of this," he said. "The reality is, it happens to individuals and then everything up to like organizations with tens of thousands of users."

In its release, the university says it is "deeply sorry" about the incident and pledges to implement stronger defences in its online systems.

Miller said the faculty association will continue to push the school's administration for transparency into the situation, and more protections.

With files from CBC's Jim Agapito and Radio-Canada's Mario De Ciccio