University Of Winnipeg Data Breach Far Worse Than Thought

   August 16, 2024  Posted in DarkReading


The investigation into the University of Winnipeg data breach has now concluded, and the University has updated its notification to reflect the expanded scope of the breach. According to the latest update, the data exposed in University of Winnipeg cyberattack spans a significant period and affects various student groups, graduates, and employees.

“That investigation has now concluded, and we have updated our notification of groups likely affected and information exposed,” reads the official notice released on the University website.

University of Winnipeg Data Breach: Investigation Findings

Upon concluding the University of Winnipeg data breach investigation into the March 2024 cyberattack it was revealed that extensive data breach took place than initially reported.
The data breach affects various groups, including undergraduate and graduate students enrolled from 2018 to the present, NSERC Undergraduate Student Research Awards (USRA) winners from 2003 to 2010, and Master’s in Development Practice students from 2011 to 2018. The compromised information includes personal details such as names, addresses, student numbers, dates of birth, social insurance numbers, and, in some cases, health and financial information.
The data breach at University of Winnipeg also extends to all current and former employees dating back to 2003, exposing their names, social insurance numbers, dates of birth, contact information, and compensation details. Specific groups of employees, such as those on maternity leave, long-term disability leave, or sick leave, have had additional sensitive information compromised, including medical history and treatment plans.

The University has extended its offer of a two-year credit monitoring service to all individuals included in newly identified groups. This service is crucial in enabling those affected to monitor for signs of identity fraud and take protective actions if necessary.

The credit monitoring service is designed to provide proactive alerts if someone attempts to open a credit account in an individual’s name, thereby offering an additional layer of security.
“It is disturbing that higher education institutions like the University and other public sector organizations are being targeted by cyberattacks. This has been a terrible incident that has directly impacted our community. We are grateful to the staff members who worked many long hours to restore systems following the attack, as well as to our entire UWinnipeg community for their patience and understanding through this challenge. Rest assured that we are carefully considering the results of our investigation and are emerging from this incident with stronger cyber defences,” reads the official notice.

What Happen?

On March 25, 2024, the University of Winnipeg disclosed that it had fallen victim to a cyberattack, an incident that has since sent shockwaves through the campus community. Initially, the University revealed that personal information had been compromised, prompting the administration to offer a two-year credit monitoring service to those likely affected. As the investigation progressed, it became clear that the impact was far more extensive than initially anticipated.

On April 4, 2024, the University confirmed that the stolen data included a wide range of personal information belonging to various groups within the University community. This information was shared transparently on the University’s website, detailing the types of data exposed and the specific groups of individuals likely affected.

At that time, the University committed to a comprehensive investigation to determine whether additional individuals were affected and to provide further notifications based on the findings.

Moving Forward

The University of Winnipeg continues to emphasize its commitment to safeguarding personal information and has taken steps to enhance its cybersecurity measures in the wake of this incident. While the full impact of the breach is still being assessed, the University is dedicated to providing ongoing support to those affected and ensuring that similar incidents do not occur in the future.

In conclusion, the University of Winnipeg’s recent update highlights the extensive nature of the data breach, affecting a wide range of students and employees. The administration’s transparency and commitment to offering credit monitoring services are steps in the right direction, but the incident serves as a reminder of the importance of strong cybersecurity measures in protecting sensitive information.



Source link