Institutional announcements

Statement on Privacy Breach

March 02, 2020

Privacy breach and password change request

There has been a breach of privacy affecting personal information at Simon Fraser University (SFU). The breach affects faculty, staff, students, alumni, and retirees who joined the University prior to June 20, 2019. While it does not appear that any SFU Computing accounts have been compromised, all those impacted have been asked to change their password immediately to significantly mitigate that risk. Those impacted have been notified directly and the University is assisting individuals upon request.

Information that was exposed includes student and employee numbers, names, birthdates, mail list memberships and course enrollments. Encrypted passwords were also exposed.

The privacy breach occurred when SFU’s system was subjected to a ransomware attack that found a weakness in the way the information was handled. This weakness has been discovered and corrected. No SFU systems are currently exposed. The data was exposed on February 27, 2020, the issue was identified and corrected on February 28, 2020.


The steps SFU is taking

SFU is taking immediate steps to control or reduce the potential harm from this breach and to prevent future incidents. We are:

  • Notifying affected individuals about the data breach;
  • Assisting individuals upon request and as needed to mitigate any harm;
  • Investigating the cause and extent of the data breach and taking further action as appropriate;
  • Evaluating the risks associated with the breach and responding to them as we receive more information;
  • Reviewing and changing as appropriate physical, procedural, and technical security measures;
  • Reviewing and changing as appropriate internal operating policies and procedures; and
  • Reporting this privacy breach to BC's Office of the Information and Privacy Commissioner.

The university deeply regrets this incident, we are working diligently to contain the situation and are committed to helping mitigate the potential risks and harm to our faculty, staff, students, alumni, and retirees.