British Columbia

Personal information of students, faculty, alumni leaked in SFU ransomware attack

The information exposed includes student and employee ID numbers, full names, birthdays, course enrolments and encrypted passwords.

Employee and student IDs, emails, full names among information exposed

SFU says the cause of the ransomware attack is under investigation. (Ben Nelms/CBC)

Simon Fraser University says the personal information of students, faculty, staff and alumni was exposed Thursday following a ransomware attack.

The information exposed includes student and employee ID numbers, full names, birthdays, course enrolments and encrypted passwords.

The university said it's working to determine the number of people affected. 

A ransomware attack involves malicious software used to cripple a target's computer system until a ransom fee is paid. 

SFU officials discovered the privacy breach Friday and fixed it the same day.

A university spokesperson said the cause of the attack is under investigation and declined to say whether the school paid a ransom fee.

"We deeply regret this incident, are working diligently to contain the situation and are committed to helping mitigate the potential risks and harm to our faculty, staff, students, alumni and retirees," Mark Roman, SFU's chief information officer, wrote in a campus-wide email Monday.

Roman said the breach affected people who joined the university before June 20, 2019, and urged them to reset their passwords.

He also warned people to monitor their personal accounts and membership for any unusual activity over the next few months. The privacy beach could lead to identity theft, spam emails and more personal information being discovered, Roman said. 

The school says it will report the privacy breach to B.C.'s Office of the Information and Privacy Commissioner and is reviewing its security measures.