U of G students notified of benefits data breach 4 months later | CTV News
U of G students notified of benefits data breach 4 months later
The University of Guelph is pictured above. (CTV)The University of Guelph is pictured above. (CTV)
Daniel Caudle
CTVNewsKitchener.ca Digital Content Producer
Follow | Contact
Updated July 28, 2023 4:07 a.m. BST
Published July 28, 2023 12:38 a.m. BST
Share
facebooktwitterreddit More share options
The provider of health, dental, and wellness benefits at the University of Guelph (U of G) has begun notifying students of a data breach which included access to personal information.
A post on the Central Student Association’s website says Gallivan, the provider of those plans, began sending notifications via email this week.
CTV News Kitchener was provided an email sent by Gallivan to U of G students on Wednesday morning informing them of the breach.
“On March 10, 2023, we were informed of a data breach at a third-party security company used for secure file transfer of data between our benefit administration systems, service partners, and the Central Student Association (CSA) and Graduate Students’ Association (GSA),” the email reads.
According to the timeline provided, the email was sent to students over four months after the data breach was discovered.
“After a thorough investigation involving our internal and external cyber security advisors, we determined the following personal information was included in this incident: your student ID, name and date of birth. This information could potentially be used for fraudulent purposes, including identity theft,” the email reads.
GALLIVAN RESPONDS
In a message to CTV News, a representative for Gallivan said the company was informed of a data breach at third-party security company, Fortra GoAnywhere MFT, which they use for secure file transfer of data.
"We worked quickly to determine the quantity and type of data exposed. Limited student personal information was included in the incident and we are communicating with those students who were impacted," said Binny T. Abraham, senior vice president of operations and client services at Gallivan.
The company is offering credit monitoring and identity theft protection to those impacted.
“We’re currently unaware of any ongoing exposure of this information and we’re not aware of it being misused,” said Abraham.
The message from Gallivan indicated that the incident impacted over 100 organizations worldwide.
U OF G RESPONDS
In an email, the U of G told CTV News the third-party data breach does not involve university systems.
“The University was informed of this incident by the CSA and has been supporting the CSA facilitating Gallivan's notification to impacted students. Impacted students are welcome to contact the University's privacy office with general questions or concerns about their data. Questions relating to the third-party data breach should be directed to Gallivan,” the university said.
The University of Guelph is pictured above. (CTV)The University of Guelph is pictured above. (CTV)
Daniel Caudle
CTVNewsKitchener.ca Digital Content Producer
Follow | Contact
Updated July 28, 2023 4:07 a.m. BST
Published July 28, 2023 12:38 a.m. BST
Share
facebooktwitterreddit More share options
The provider of health, dental, and wellness benefits at the University of Guelph (U of G) has begun notifying students of a data breach which included access to personal information.
A post on the Central Student Association’s website says Gallivan, the provider of those plans, began sending notifications via email this week.
CTV News Kitchener was provided an email sent by Gallivan to U of G students on Wednesday morning informing them of the breach.
“On March 10, 2023, we were informed of a data breach at a third-party security company used for secure file transfer of data between our benefit administration systems, service partners, and the Central Student Association (CSA) and Graduate Students’ Association (GSA),” the email reads.
According to the timeline provided, the email was sent to students over four months after the data breach was discovered.
“After a thorough investigation involving our internal and external cyber security advisors, we determined the following personal information was included in this incident: your student ID, name and date of birth. This information could potentially be used for fraudulent purposes, including identity theft,” the email reads.
GALLIVAN RESPONDS
In a message to CTV News, a representative for Gallivan said the company was informed of a data breach at third-party security company, Fortra GoAnywhere MFT, which they use for secure file transfer of data.
"We worked quickly to determine the quantity and type of data exposed. Limited student personal information was included in the incident and we are communicating with those students who were impacted," said Binny T. Abraham, senior vice president of operations and client services at Gallivan.
The company is offering credit monitoring and identity theft protection to those impacted.
“We’re currently unaware of any ongoing exposure of this information and we’re not aware of it being misused,” said Abraham.
The message from Gallivan indicated that the incident impacted over 100 organizations worldwide.
U OF G RESPONDS
In an email, the U of G told CTV News the third-party data breach does not involve university systems.
“The University was informed of this incident by the CSA and has been supporting the CSA facilitating Gallivan's notification to impacted students. Impacted students are welcome to contact the University's privacy office with general questions or concerns about their data. Questions relating to the third-party data breach should be directed to Gallivan,” the university said.