Cyber Incident Victim: University of Regina
Date:
Jun 2016
Location:
Canada
Summary
The University of Regina initiated an investigation following a privacy breach involving unauthorized access to three personal computers across different faculties during two separate cyberattacks. The compromised systems contained sensitive personal information, including names, student and employee numbers, and social insurance numbers, though officials stated there was no evidence the data had been accessed, disseminated, or disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late June 2016, the University of Regina initiated an investigation following the discovery of unauthorized access to three faculty computers across different academic departments. The breach occurred through two distinct cyber attacks during the preceding week, compromising devices containing sensitive personal information. University officials confirmed the exposed data included names, student identification numbers, employee numbers, and social insurance numbers belonging to members of the university community. While the exact method of intrusion wasn't disclosed, the incident involved personal computers rather than centralized servers or enterprise systems. The university's communications executive director, Kim McKechney, publicly acknowledged the breach on June 30 while emphasizing investigators had found no evidence that personal information had actually been accessed, copied, or distributed by unauthorized parties. No ransomware demands or explicit motives for the attacks were disclosed in official statements.
The university maintained operational continuity throughout the investigation, with no reported disruptions to academic activities or administrative services. Impact assessments focused on potential identity theft risks stemming from the types of compromised data, particularly the exposure of social insurance numbers which serve as national identifiers in Canada. McKechney's statements sought to balance transparency about the breach's occurrence with reassurances regarding the lack of confirmed data misuse. The incident prompted internal reviews of computer security practices across faculty departments handling sensitive information. No details were provided about whether affected individuals received direct notifications or what specific protective measures were implemented following the breach discovery. The investigation remained ongoing at the time of public disclosure, with the university continuing to monitor for any evidence of data exploitation while refining its cybersecurity protocols.