SFU says approximately 200,000 individual records affected in cyber attack

Feb 16 2021, 11:51 pm

Simon Fraser University (SFU) is notifying its community of a cyber attack on one of its servers that resulted in the exposure of personal information.

According to SFU, spreadsheet data on the breached server contained personal information for a number of current and former students, faculty, staff and student applicants.

Approximately 200,000 individuals were impacted, the school said, noting that IT personnel were first alerted to the incident on February 5, and upon investigation discovered that the server had been attacked.

“The personal information varies for each individual based on the type of information stored in the spreadsheets,” the school said. Data exposed does not, however, include information such as banking details, Social Insurance Numbers (SIN) or passwords.

For the majority of those impacted, “the personally identifiable information is their student/employee ID number and at least one other data element,” the school noted. Other examples include things like admission or academic standing data.

SFU said affected groups include the following:


  • Continuing Faculty with active ranks in 2018
  • Continuing and Term Librarians with active ranks in 2018
  • Term Instructors actively teaching in 2018 (including Term Lecturers, Term Lab Instructors, Visiting Faculty, Post Retirement Faculty)
  • Sessional Instructors actively teaching in 2018

Student admissions and enrollment

  • Student who enrolled between 2012 and 2020
  • International who enrolled between 2009 and 2018
  • Student enrollments between Fall 2012 and Spring 2019

Student data

  • Engineering Science & Math student grades between 2013 and 2018
  • Student grades for Pre-Calculus and Calculus between 1999 and 2018
  • Statistics 403 course grade data for transfer credit students between 2000 and 2016
  • Students with international characters (such as à, ä, â, 市 …etc.) in their name or address between 2007 and 2014

Academic status

  • Students who applied for financial aid between 1988 and 2017
  • Students on academic probation in December 2018
  • Undergraduate and graduate student honour and awards between 1968 and 2020
  • Students who made transcript requests between 2016 and 2019


  • Indigenous students in fall 2018
  • Fraser International College (FIC) students between 2014 and 2018
  • Student athletes between 2006 and 2014
  • National Collegiate Athletic Association (NCAA) student data from 2018

The university said it is directly notifying all impacted individuals who have a current email address on file.

In the meantime, if the person wants to check if their information was included in this breach, they can do the following:

  • Check online, with an SFU computing ID and password, to find out if they’ve been included in the breach and what personally identifiable information may have been exposed.
  • Contact SFU IT Services Help Desk at [email protected] or 778-782-8888
  • Review further information on SFU’s website

“Although the risk of identity theft is low, those impacted should monitor personal accounts and memberships of all kinds for any unusual activity over the next several months,” the school said in a statement. “We recognize how frustrating it is for individuals who have had personal data exposed.”

And while the school admitted that cyberattack attempts are on the rise with increasingly sophisticated methods to gain entry into IT systems, it also said that “information security is a high priority for SFU.”

The school added that at this time, SFU accounts have not been compromised, “nor have we found evidence of compromised passwords, banking information, or regulated data.”

Eric ZimmerEric Zimmer

+ News
+ Crime