Cyber Incident Victim: University of Fraser Valley (UFV)
Date:
Nov 2017
Location:
Canada
Summary
A hacker breached a Canadian university's network, stealing student data including names, contact details, academic records, and limited financial information before demanding a 30,000 CAD ransom under threat of further leaks. The institution acknowledged the incident, notified affected individuals, temporarily disabled its email systems to contain the exposure, and collaborated with law enforcement during the investigation, though the attacker's access method and full compromise scope remained unclear post-deadline.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late October or early November 2017, an unidentified hacker breached the University of Fraser Valley's (UFV) network, compromising student data including names, email addresses, phone numbers, physical addresses, academic grades, and limited financial information. The exact intrusion timeline remained undetermined during subsequent investigations. Between October 28-31, the attacker emailed UFV students containing personal details of 29 affected individuals alongside a ransom demand for 30,000 CAD (23,000 USD), giving university officials 48 hours to comply before threatening to release additional stolen data. UFV administration acknowledged the breach through four sequential security alerts issued starting Monday, October 30, confirming direct notification of impacted students and implementation of privacy protection measures. By Wednesday, November 1, the institution disabled its email systems until November 6 to contain further data dissemination through compromised accounts, while maintaining critical academic operations through alternative communication channels.
The incident caused operational disruption through forced email system deactivation and triggered collaborative investigations between UFV's IT security team and Abbotsford Police Department. Forensic analysis failed to establish the attacker's initial access vector or determine the full scope of compromised systems by the time of public disclosure. While the ransom deadline expired without confirmation of payment, the university maintained focus on securing exposed student information and preventing secondary exploitation of stolen data. No evidence linked this intrusion to TheDarkOverlord group's contemporaneous attacks on Montana schools, though both campaigns shared extortion tactics. UFV's response prioritized direct victim assistance over public disclosure of technical breach specifics, with ongoing investigations continuing beyond the initial containment phase without releasing final compromise statistics or forensic conclusions.