BRANDON -- Computer hackers may have gained access to five years of Brandon University students' personal information, including their names, addresses, birth dates and social insurance numbers.
The university revealed more details about the server breach this afternoon. It apparently came to light on Oct. 14, although the university waited four days before notifying students.
"We now know that an individual accessed one of the university’s 40 network servers which held information about a number of web-based student applications," said university president Deborah Poff.
A database that was broken into was apparently a testbed, being used by the university to develop a new web-based applications tool. However, at least some of the information being used in the test database was real student application information.
The university said that student records between 2004–09 may have been compromised. They're now trying to trace people who were listed in the database to make them aware of the situation and an information email address has been set up for inquires.
"No financial information or academic records were involved," Poff said.
The university says that it took immediate steps to take down the BU website and keep the hacker out, as soon as the unauthorized access came to light. Yesterday, Poff said that it was the hacker who had alerted them in the first place, and had emailed the university private student information as proof of their access.
Local police and the Manitoba Office of the Ombudsman are investigating, the university says. They've also hired a national security firm to investigate.
"I apologize for any inconvenience that this illegal hack has caused and wish to assure everyone that we have taken the steps to secure our computer system," Poff said.
-- Brandon Sun