Data exposed during cyberattack at Algonquin College

Algonquin College is warning the personal data of some students, staff and alumni may have been exposed during a cyberattack this Spring.

But in a statement, Algonquin says there is “no direct evidence” any data was accessed or taken during the incident.

The college discovered on May 16 an unauthorized and illegal access of a server infected with malware by hackers. The infected server hosted access to databases which contained personal information.

In a statement, Algonquin says it has identified 4,568 students and alumni whose information may have been exposed, including date of birth and home address. Those individuals received an email on Monday and will be receiving a letter through Canada Post.

While Algonquin says there have been no reports of identity theft or other misuse, the students will be offered identity theft protection based on the college’s risk assess analysis.

An additional 106,931 individuals, including students, alumni and current and former employees, had non-sensitive information that may have been exposed on the server. The college says the information was assessed as presenting a low risk of misuse if in fact it was accessed. The College is in the process of contacting this second group by mail.

Algonquin says a detailed forensic investigation underway has revealed no financial information was exposed, and the data did not include Social Insurance Numbers, banking or credit card information.

Since the incident, Algonquin says it has implemented a number of additional security measures recommended by an external security consultant.

The College has set up a toll-free number for anyone with questions or concerns (1-866-252-2644 during normal business hours). They can also e-mail acadvisory@algonquincollege.com or visit our website (algonquincollege.com/cyber).