Names, addresses, birthdates and social insurance numbers are some of the pieces of information a computer hacker had access to after one of Brandon University’s servers was infiltrated, according to the school’s president, Deborah Poff.
The university revealed more details about the server breach yesterday afternoon after acquiring proof of the hack on Oct. 14 from the individual who illegally gained access to the system for an unknown period of time.
Are you the hacker?
On Thanksgiving Day, someone proved that they hacked into one of the servers at Brandon University by providing evidence of a file they saw in a database inside the school’s network.
If you are the hacker, the Brandon Sun would like to hear from you.
Furthermore, if you are a someone who applied to the school between 2004 and 2009 and have been informed that your information may have been accessed, we would also like to hear your concerns.
Please feel free to email email@example.com or phone the office at 204-571-7441.
"We now know that an individual accessed one of the university’s 40 network servers which held information about a number of web-based student applications," Poff said. "They were using (the database) to develop an online web application, so people could apply online."
While some of the information contained in the application was comprised of fake student data, other information was pulled from people who applied to the university between 2004 to 2009.
"We have had no threats that they are going to do anything with it," Poff said.
A private company is now combing through the entire system, compiling a comprehensive audit that could potentially reveal more breaches on more servers.
"We have no belief that anything else was touched, but the company is still going through the server," she said.
Third-year student Joe Dauphinais is disappointed with how BU administration initially handled the ordeal.
"No one knew anything and then four days later we got an email from Dr. Poff that they’ve been hacked and they shut everything down to contain it," Dauphinais said about a statement that was issued from the school’s leader Oct. 18.
"I understand what they did, I just don’t know why they waited so long to inform the greater university community. I feel that’s the first thing they should have done."
Brian Bowman, a partner with Pitblado Law who specializes in privacy, commended BU for taking the proactive step of notifying students whose information was accessed, which isn’t required by law.
"It’s a troubling situation for everybody, including the university," Bowman said.
The majority of the information accessed, according to Poff, was from people who applied to BU, but never attended school in Brandon.
"It begs the question: how much of that information still needs to be retained?" Bowman said, adding there could be legitimate reasons why the school kept the information and chose to use it in the creation of an in-house application.
Questions also swirl about why the university chose to use data from real students’ applications rather than use 100 per cent randomly generated data.
Poff said she couldn’t answer why the BU staff chose to use real information.
"I don’t think it is an unreasonable thing to do, but in hindsight it obviously would have been preferable not to do it," she said. "The fact that someone subsequently some years later broke the law and got into (the server) is unfortunate no matter what the records were."
When asked if students were made aware their information was being used in application development, Poff fired back.
"I’m not going to answer that ... nor do I think it helps this university right now, hypothesizing about what someone might have thought about nine years ago when they were testing a database."
When she was a student, it wouldn’t have concerned her if it was her information that has been hacked.
"I applied to at least 10 universities. Would I particularily care if Ryerson (University) told me sometime later that someone looked at my application — I don’t think it would have bothered me that much."
Republished from the Brandon Sun print edition October 24, 2013