Security Advisory: Simon Fraser University Cybersecurity and Privacy Breach

Mar 13/20 8:40 am

Simon Fraser University is in the process of recovering from a significant cybersecurity and privacy breach. Personal information of students, faculty and alumni was leaked in a ransomware attack. A ransomware attack involves using malicious software to cripple a computer system until a ransom fee is paid.

The aim of this advisory is to inform the Acadia community about what is known about these kinds of attacks and how we can help reduce Acadia’s risk of a similar outcome. The potential risks and harms connected with the exposure of your personal information are:
• Identity theft;
• Additional personal information being discovered by linking the exposed information with other sources of information; and
• Unsolicited bulk or commercial email.

What happened?
The breach occurred when SFU’s system was subjected to a ransomware attack that found a weakness in the way the information was handled. This weakness has been discovered and corrected. The data was exposed on February 27, 2020, the issue was identified and corrected on February 28, 2020. The breach affected people who joined the university before June 20, 2019. SFU is recommending the changing of all passwords as well as ongoing monitoring of personal accounts and memberships.

The personal information that was exposed included:
• Computing ID
• Student/employee ID number
• First, last and preferred names
• Birthdate
• Employee group
• Mail lists
• Course enrollment
• External email address
• Encrypted passwords

What can we do to protect Acadia?
TS would like to take the opportunity to remind you of certain best practices surrounding privacy and cybersecurity:
• Avoid downloading data to desktops, laptops, or external storage devices; practice safe sharing using OneDrive, SharePoint and Teams and utilize the VPN for access to university resources.
• Avoid using email to send any data.
• Use Strong passwords. Practice “unique account, unique password”.
• Think before you click – know for certain that email attachments and links are safe before opening.
• Keep your computer operating system, any software in use and anti-virus software up to date and enabled.
• Participate in annual security awareness training via https://training.knowbe4.com/login.

Thank you for your continued support.

CONTACT:
Acadia Technology Services
http://ts.acadiau.ca
902-585-HELP (4357)
1-888-609-3330

Go back