U of G Students Notified of Data Breach Months After Occurrence
University of Guelph students have been informed about a data breach that potentially exposed sensitive personal data, including names, student numbers, and dates of birth, all of which could be used for identity theft. The breach occurred in March via a third-party security firm used for secure file transfers between Gallivan, the student health, dental, and wellness program provider, their administrative systems, service partners, and the Central Student Association (CSA).
The breach happened on March 10th, and on July 26, Gallivan sent a notification to students. In the notice, Gallivan stated that it is currently unaware of any misuse of the information exposed in the breach. It emphasized its comprehensive and proactive approach to dealing with the incident, which includes informing students about the situation, its response, and the steps they can take to protect their information.
University of Guelph’s director of communications, Deirdre Healey, explained the delay in notifying students, stating that the breach didn’t involve the university’s systems. She said questions regarding notification timelines should be directed towards Gallivan, who is responsible for the notification.
Healey stated that the university learned about the incident from the CSA and has been assisting the CSA in facilitating Gallivan’s notification to the affected students. She also added that students affected by the breach can contact the university’s privacy office with any general questions or concerns about their data.