Ontario’s Lakehead University and B.C.’s Simon Fraser University continue investigations after suffering cyberattacks this month.
Yesterday afternoon, Lakehead announced that it’s aiming to resume on-campus classes in Thunder Bay and Orillia this Friday. Last Saturday, service had been restored to student and staff Gmail accounts, Zoom video service, the MyInfo portal and the D2L learning platform. However, all university servers and on-campus Lakehead-owned computers continue to be inaccessible.
The incident began on Feb. 15 and has been described as an attack on file share servers.
“Until such time as it’s deemed safe, all servers must remain inaccessible,” the university tweeted Monday. “TSC [The Technology Services Centre] believes that the cybersecurity event was directed at Windows-based university-owned computers, and that Apple computers were not affected.”
The university urges anyone entering the campus to contact the technology services centre before bringing any university-owned Windows-based computers to campus.
The centre will soon be implementing a mandatory one-time password change for all university accounts. New passwords should be significantly different from current or previously used passwords, Lakehead warns, and not simply changing a single character, number or letter.
To further secure Gmail accounts, it reminds students and staff that multi-factor authentication is available.
Few answers from Simon Fraser University
At Vancouver-based Simon Fraser University, a Feb. 5 attack on one server resulted in access to personally identifiable information of 200,000 current and former students, faculty, staff and applicants About 150,000 people the copied data included their student/employee ID number and at least one other data element, but no name identifier (first name/last name). Other data varied but may have included admission or academic standing data.
There is no evidence of compromised passwords, banking information, or regulated data (such as Social Insurance Numbers), the university said. However, it has warned the data copied could see staff and students open to identity theft, unsolicited bulk or commercial email and third-party profile building.
“The attack did not disrupt any of the services we provide to our community or breach any accounts,” Angela Wilson, senior director of media relations and public affairs, said in an email to ITWorldCanada.com. SFU is working to safeguard its online environments and platforms further, she added. For security reasons, the university wouldn’t say how the server was accessed.
