Algonquin College has concluded an investigation, after discovering that one of its servers containing personal information of current students and alumni was compromised, according to a press release.
The malware was discovered earlier in May, prompting the college to conduct a forensic review.
The review showed that while there have been no reports of identity theft, 4,568 individuals’ information may have been exposed, including date of birth and home address.
According to the release, an additional 106,931 individuals—including students, alumni, current and former employees—had non-sensitive information that may have been exposed on the server, such as e-mails and course selection.
Cassidy Routh, a recent graduate from the early childhood education program at Algonquin, said in an email that she received a letter in the mail stating that the breach possibly affected her name, school and/or personal email, and phone number—no financial information, however.
“I was most definitely worried when I heard about the breach, as this could have ruined my life in a way that I could not get back. I could not imagine my social insurance number just being out there for anyone’s personal use,” she said.
According to Algonquin’s website, the analysis shows that no financial information, such as banking, credit card information or Social Insurance Numbers were exposed in the attack.
The investigation also revealed no evidence that the data was accessed or taken from the servers.
Cheryl Jensen, Algonquin College president, said in the release that the college is communicating with and supporting those affected, as well as addressing any concerns they might have.
“We are also focused on reviewing and improving security measures to help us guard against similar incidents,” she said.
Algonquin isn’t the only post-secondary school to fall victim to a cyber attack.
In November 2016, Carleton University’s network was the subject of a ransomware attack where the hackers asked for bitcoins in return for data, according to a previous article by the Charlatan.
Similarly, in May 2016, the University of Calgary (U of C) faced a ransomware attack that affected more than 100 of their computers.
The U of C was unable to recover their data, leaving them with no option but to pay the $20,000 ransom.
The Government of Canada website outlines ways businesses and institutions can create stronger cyber safety policies.
It calls for establishing clear internet usage policy, where the types of websites employees are allowed to access are restricted.
“Consider implementing a web filtering system. Advise employees on what software is safe to install on their computers, and to seek permission when downloading new programs,” the website reads.
Additionally, it suggests establishing rules on how employees use personal emails for work purposes. One suggestion was the need for guidelines on whether employees should use their work emails to sign up for social media sites and newsletters.
According to the press release, Algonquin has informed the Information and Privacy Commissioner of Ontario and the Ottawa Police Service about the situation, so they are able to assist individuals affected in the event that some misuse of their personal information occurred.