SFU says a data breach has affected students, staff, and alumni

Mar 2 2020, 12:43 pm

Simon Fraser University (SFU) students, staff, faculty, and alumni are being alerted of a privacy breach affecting personal information at the school.

A statement posted on the school’s website today says individuals who joined the university before June 20, 2019, should change their SFU Computing ID passwords.

“While it does not appear that any SFU Computing accounts have been compromised, changing your password now will significantly mitigate that risk,” reads the statement, adding those impacted have been notified directly.

“Information that was exposed includes student and employee numbers, names, birthdates, mail list memberships and course enrollments. Encrypted passwords were also exposed.”

The university says the breach occurred when the school’s system was “subjected to a ransomware attack that found a weakness in the way the information was handled” on February 27.

“This weakness has been discovered and corrected,” said SFU, adding that no systems are currently exposed.

The university is taking “immediate steps” to control and reduce the potential risk from this breach by investigating the cause and extent of the incident, evaluating the risks associated with the breach, and reviewing and changing appropriate measures and procedures. The university has also reported the incident to BC’s Office of the Information and Privacy Commissioner.

“The university deeply regrets this incident, we are working diligently to contain the situation and are committed to helping mitigate the potential risks and harm to our faculty, staff, students, alumni, and retirees,” said SFU.