STATEMENT ON EXPOSURE OF PERSONALLY IDENTIFIABLE INFORMATION February 16, 2020

SFU is notifying its’ community of a cyberattack on an SFU server resulting in the exposure of personally identifiable information. 

SFU is notifying its’ community of a cyberattack on an SFU server resulting in the exposure of personally identifiable information.

Spreadsheet data on the breached server contained personal information for a number of current and former students, faculty, staff and student applicants. The personal information varies for each individual based on the type of information stored in the spreadsheets. Data exposed does not include information such as banking details, Social Insurance Numbers (SIN) or passwords. For the majority of those impacted, the personally identifiable information is their student/employee ID number and at least one other data element. The other data points are varied. Examples include things like admission or academic standing data.

The university is directly notifying all impacted individuals who have a current email address on file.

If a person wants to check if their information was included in this breach, they can:

Although the risk of identity theft is low, those impacted should monitor personal accounts and memberships of all kinds for any unusual activity over the next several months.

We recognize how frustrating it is for individuals who have had personal data exposed. Information security is a high priority for SFU. Cyberattack attempts are on the rise with increasingly sophisticated methods to gain entry into IT systems. In response, the university has been steadily increasing the strength of our institutional information security systems and continues to do so. 

close