NL

MUN investigating Grenfell cyberattack as classes pushed back a week

Earlier this week, Grenfell Campus in Corner Brook shut down its IT systems in the wake of a cybersecurity attack. But vice-president Ian Sutherland says they’re managing the situation, even as emails are down and the start of class is delayed.

It’s unknown if personal information has been leaked

Man smiling in black suit and purple shirt.
Ian Sutherland, vice-president at Memorial University's Grenfell campus, said it's not currently known if any data was stolen in a cyberattack that hit the school's IT system late last week. (Todd O'Brien/CBC)

Days after a cybersecurity attack at Grenfell Campus in Corner Brook, the resumption of winter classes has been pushed back a week and email services are still down, while vice-president Ian Sutherland said Wednesday an investigation is underway to determine the scope of the problem.

He said the school became aware of an information technology service issue on Dec. 29 and enacted emergency protocols to contain it. As a precaution, he said, the Marine Institute's IT services were also temporarily shut down.

"As part of our protocols, whenever an incident like this happens, we need to shut down our IT services to focus on containment. And that was of course done," Sutherland told CBC News.

"And I think one of the success factors of this, is that the issue has been contained to Grenfell Campus, so not impacting currently any of the other campuses of the university."

Services like MUN email accounts aren't operational, although Sutherland said they are looking into workarounds for that problem.

WATCH I This professor outlines some of the uncertainties caused by the cybersecurity breach:

Plenty of questions, few answers for MUN faculty in ongoing cybersecurity incident: MUNFA

12 months ago
Duration 1:53
Josh Lepawsky, president of the Memorial University of Newfoundland Faculty Association, says it’s unclear whether there will be computers available to teach classes at its Grenfell campus in Corner Brook, or when they will be available. He says faculty only received additional details of the cybersecurity breach on Wednesday, Jan. 3, despite MUN releasing a public statement three days earlier.

"If there has been any data that has been leaked or lost, we will of course inform those directly impacted as soon as we possibly can," said Sutherland.

He pointed to a "rise in cybersecurity issues" across the university sector in Canada, but couldn't say why it happened at Grenfell specifically.

In an email, MUN spokesperson Chad Pelley said the school contacted the RCMP's National Cybercrime Coordination Centre and the Royal Newfoundland Constabulary, as well as the Canadian Centre for Cyber Security and the Canadian Anti-Fraud Centre, on Dec. 30.

Following protocols

Memorial University associate professor and computer security expert Jonathan Anderson said he couldn't talk about the specifics of this incident but it looks like the university is actively tackling the problem.

"In general, initially you're really looking for people to kind of accept that there is a problem, start acting on it, start containing the problem, limit the damage to other operational kinds of systems and to start doing investigative work and preserving evidence if it's needed for law enforcement or other authorities," Anderson told CBC News.

A man in a navy sweater with greying brown and half-rimmed glasses. He's sitting in a computer lab.
Jonathan Anderson, associate professor at Memorial University with a focus on computer security, says there can be a lot of different motives behind a cyberattack. (Mark Cumby/CBC)

While it's still early days after the cyberattack, Anderson said these are good signs.

In these cases, he added it's important to isolate systems so the problem doesn't spread and compromise more systems, and ensure it doesn't become a provincewide issue.

He said there are a number of reasons as to why a person or group might want to access a university system, including pre-commercialized technology and intellectual property theft.

"In some cases it could be a very vanilla, box-standard kind of motivation, like ransomware or something like that," said Anderson.

"We don't really know in this particular case, but there are lots of reasons that somebody might be interested in causing havoc, and it might be, as they say, for fun or for profit."

Faculty brace for impact

Memorial University of Newfoundland Faculty Association president Josh Lepawsky has concerns over how the administration has been communicating with Grenfell faculty over the cyberattack.

He said Grenfell faculty had their first emergency meeting on the situation Wednesday morning and they have been told faculty will need to return laptops and computers that were issued by the university for a checkup.

In the meantime, Lepawsky said, faculty have been told they might have to use their own devices for courses, which he described as "problematic, to put it mildly."

Lepawsky is also concerned that the suggested workarounds — faculty using their own devices for work — haven't been thought out, as these devices have personal data on them.

"And so employees are being put in a situation where they are, in effect, being asked to risk their personal data security in order to do their job," he said. "It is an emergency situation. Faculty, you know, need and want to do their job, but we also have to have the appropriate tools provided by the people who employ us."

A man in a dark blue long-sleeved shirt leans on a railing inside a building full of glass windows.
Memorial University of Newfoundland faculty association president Josh Lepawsky calls this incident at Grenfell an emergency. (Submitted by Josh Lepawsky)

IT problems could also have impacts on research being carried out by faculty, he said.

While he said the administration has said in-person classes will start on Monday, he doesn't think it will be a smooth transition, though he understands that faculty and administration are doing what they can under the circumstances.

CBC News requested an interview with Education Minister Krista Howell but was instead sent an email on behalf of the department by spokesperson Lynn Robinson, who said MUN is an autonomous institution and questions should be directed to the university.

However, Cape St. Francis MHA and PC digital government and services critic Joedy Wall said he's worried about the silence from the Liberal government on the issue.

"The security incident is very concerning. We had our first one in the province back in 2021 in our health-care system and one of the worst in the country. And here we are now in 2024 with another security breach in our education system," said Wall.

Wall said he understands MUN and the government are separate entities but the government should be proactive on the issue of curbing cybersecurity threats.

He added that MUN had said a spokesperson would be available in the coming days to talk more about what happened, but suggested that's little consolation to students who are worried their financial information might have been compromised.

Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Click here to visit our landing page.

ABOUT THE AUTHOR

Elizabeth Whitten is a journalist and editor based in St. John's.

With files from Colleen Connors