University Of Alberta Hit By Security Hack AttackBy Emily Marks, UniversityHerald Reporter
Computers at the University of Alberta in Canada were installed with malware which was intended to collect the school's passwords. The incident happened late last year but the breach was only shared to the community on Thursday.
Edmonton Journal reported that the malware put over 3,000 students, faculty and staff at risk. The investigation led to charges against a student.
Apparently, the student installed the malware on 300 computers in 20 classrooms and laboratories in the Library Knowledge Commons, Computing Science Centre and in the Centennial Centre for Interdisciplinary Science. The main target was to get University of Alberta's primary identification password, which is known as the campus computing ID.
Gordie Mah, the school's chief information security officer, explained that the campus computing ID can be used as the gateway to the university's email service. This could play a vital role in disclosing unauthorized personal or financial information.
It was only because the malware requires the user to be physically present at the machine that the spread of the installment was not as exponential. Mah added that there has not been a data breach as big as this at the school in recent years.
Students, faculty and staff were urged to change their passwords and not to open attachments or links from suspicious emails. The University of Alberta detected the malware last Nov. 22.
On Nov. 23, 3,304 people were notified that their passwords may be at risk. Yibin Xu, 19, is facing multiple cyber-attack charges.
According to Global News, there was no indication that the passwords were used. The school has confirmed that its Information Services and Technology (IST) unit have set up controls against the malware to make sure that its computer systems are secure.
Last November, another Canadian college, Carleton University, was hit with a ransomware attack. The hackers demanded a payment of bitcoins in order for the school to be able to access its computer network.