Students informed of SFU community data security breach

Anyone with a computing ID prior to June 20, 2019 is affected

Image: SFU IT

By: Gurpreet Kambo, News Editor

A security breach caused SFU’s Chief Information Officer Mark Roman to send out an email to SFU students on the morning of March 2, 2020. According to the email, all SFU community members who joined SFU before June 20, 2019 are affected by the breach. 

“We deeply regret this incident, are working diligently to contain the situation and are committed to helping mitigate the potential risks and harm to our faculty, staff, students, alumni, and retirees,” stated Roman, in the email.

The breach was a ransomware attack that occurred on February 27 and was amended by SFU on February 28. The exposed system is once again secure.

According to the email, the data that was potentially exposed includes:

  • SFU Computing ID
  • SFU student/employee ID number
  • First, last and preferred names
  • Birthdate
  • Employee group 
  • Mail lists which the SFU Computing ID belongs to
  • Course enrollment
  • External email address
  • Data from web forms (list of forms available on IT Services web site)
  • Encrypted passwords were also exposed.

It goes on to state that the risks related to the breach may include identity theft, unsolicited emails, and risk of additional personal information being exposed as a result of the first breech. 

SFU is still in the process of assessing the risk and responding accordingly. The email lists the steps that SFU is taking as a result of the breach. These include notifying those who were exposed, assisting individuals upon request, further investigating the breach, reviewing security and operating procedures, and reporting the breach to BC’s Office of the Information and Privacy Commissioner.

The email urges SFU community members to immediately change the passwords to their SFU Computing IDs, and to monitor their personal accounts on an ongoing basis. 

In an emailed statement to The Peak, SFSS VP University Relations Shina Kaur stated that: “I sent an email to Mark Roman requesting the SFSS be briefed on this matter. Particularly what the implications are and what SFU is doing to prevent this from happening in the future.” 

Kaur continued: “Regarding the incident, it’s extremely unfortunate that this happened but I am glad it seems to be resolved. I would recommend everyone to change their SFU password just to be safe.” 

She added that Roman’s office is presenting to the SFSS Board of Directors this coming Wednesday, after which she will have additional information to share with students.

The Peak has reached out to Roman regarding the breach, and will update this post accordingly.