Those impacted by the cyberattack that hit the University of Winnipeg last month say they are worried about the possibility of their personal data falling into the wrong hands.
The university was hit by the cyber attack last week, which resulted in thousands of pieces of data potentially stolen, including names, social insurance numbers, birth dates, addresses, and bank information, some of it dating back to 2003.
“I’ve been here 32 years. And this has been the worst 10 days of my career,” said Scott Forbes, a biology professor at the University of Winnipeg.
“It was almost impossible to process. I was thinking immediately of the effects on my students.”
Forbes said his worry increased when he learned of the scale and scope of the cyberattack.
“I didn’t think it could get worse, but it just got much, much worse,” he said.
For some students, it has been providing additional stress, on top of the exam season.
“Once I get through that, I can start worrying about my identity,” said Raine Hayward, a first-year student.
“It just screwed everything up. And it just made us really unhappy,” added Dillon Menzies, another first-year student.
The University of Winnipeg is investigating the incident, and is providing free credit monitoring for those impacted for two-years.
Hernan Popper, the founder of Popp3r Cybersecurity, said those involved should assume their data was stolen and act accordingly.
“This is not something that starts and ends, but for the affected individuals, it’s a problem for life,” he said.
Popper said people should contact Equifax and TransUnion, and let them know your social insurance number was stolen, to avoid impact on your credit. He added you should also keep an eye on your credit report.
How other universities are responding
CTV News Winnipeg reached out to other universities in the province to find out about the measures they are taking in the wake of the University of Winnipeg’s cyber attack.
Red River College Polytechnique would not comment on specifics, but said they’ve implemented some measures, such as multi-factor authentication, to keep data safe.
“Our work and protocols are reviewed and updated regularly as part of our approach to cyber security,” a spokesperson said in a news release.
Brandon University has also made enhancements to its security measures.
“While not directly related to the UW incident, we have made several recent and ongoing enhancements to our systems, including improved warnings about links in external emails (this is a common vector for attacks), consistent updating of our firewalls, and we’re rolling out changes to our campus Wi-Fi networks that encourage more secure connections,” a spokesperson said in a statement. “As well, multi-factor authentication has been in place for both employees and students at BU since at least 2022.”
The University of Manitoba declined to comment about its cyber security policies and measures.