Carleton’s Information Technology (IT) department sent out an email on Oct. 12 warning faculty and staff of phishing emails that were being circulated after an information breach occurred in September.
According to Don Cumming, the director of university communications, Carleton became aware of the hack on Sept. 24 and continued to gather more information about it until Sept. 28.
He said they became aware of the hack when people began asking questions about odd emails they were receiving.
“We got inquiries from different people who were on our [email] list asking about it,” he explained.
Cumming said the university immediately began to search for the source of the problem, including looking at computers and changing passwords, until they identified a third-party system used by the university’s Advancement department as the source of the issue.
“We have a third-party that helps us to do mass emailing from our Advancement department so we asked them to basically turn off that server, to deny any further possible access to the information on that server,” he said.
While information was accessed, he said no confidential details were accessed.
“Our understanding is that the only information that’s been possibly looked at are names, and email addresses, and prefects.” he said. “No financial information, or personal information was seen at any time.”
Previously, The Charlatan reported that in November 2016, Carleton was the victim of a ransomware attack in which hackers demanded a bitcoin payment equaling about $2,000 in order to regain access to the stolen files unlock data on infected computers across campus. Carleton did not end up paying the ransom.
Cumming said university students should regularly be updating their virus protection and changing their passwords.
“It is an important issue and it’s important that people always be mindful of their digital presence and they need to be thinking about what the can do to adopt best practices to protect their personal information and their data and they need to be mindful about who they’re interacting with online,” he said.
He added that Carleton follows these same practices and is always looking at how they can update their online protection.
“We are constantly reviewing our IT security so it’s not that one incident prompts us to do that. We are always reviewing where we can make changes.” Cumming said. “I can tell you it’s a top priority for our information technology services department.”
Cumming also suggested that Carleton students look at the tips Carleton’s IT department offers on its website for staying safe online. Some of the suggestions include having different passwords for every account, not sharing passwords, changing passwords every four to six months, only accepting friend requests from people you know, logging off social media after usage, and using a firewall and virus protection.
He also recommnded students look at tips from “Get Cyber Safe” on the Governement of Canada’s website, as well “Stay Safe Online” by the National Cyber Security Alliance.
Photo by Sarah Ivanco
