Cyber Incident Victim: Concordia University
Date:
Apr 2017
Location:
Canada
Summary
A cybersecurity breach compromised Concordia University's online course platforms, exposing names, student ID numbers, and email addresses of approximately 9,000 individuals. Unauthorized access occurred within the eConcordia and KnowledgeOne systems, though financial data and academic records remained unaffected. The institution notified impacted parties and initiated a police investigation while assessing the scope of the incident. This followed a separate prior security issue involving keyloggers on campus library computers, which had prompted password resets and fraud monitoring recommendations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 11, 2017, Concordia University disclosed unauthorized access to its eConcordia and KnowledgeOne online course platforms, compromising student names, Concordia ID numbers, and email addresses. The breach notification email confirmed no financial data or academic records were accessed. University spokesperson Chris Mota estimated 9,000 students were affected, with all receiving direct notifications. Concordia filed a report with Montreal police and initiated an internal investigation to determine the intrusion's scope and methodology. Mota acknowledged uncertainty about whether similar incidents had occurred previously, citing the ongoing nature of the inquiry. The compromised systems hosted course materials and student profiles but did not store banking details or transcripts, limiting the exposure to identifier and contact information.
This incident followed a separate cybersecurity event in March 2017, when keyloggers were discovered on computers in Concordia’s Webster and Vanier libraries. These hardware devices captured keystrokes to harvest passwords, payment card data, and personal information. The university had launched an investigation at that time and advised library users to reset passwords and monitor financial accounts for fraudulent activity. No explicit connection was established between the library keyloggers and the April eConcordia breach, though both incidents heightened concerns about institutional cybersecurity practices. Concordia’s response to the eConcordia breach focused on law enforcement collaboration and direct victim notification without public disclosure of technical vulnerabilities or attacker attribution. The university did not implement mandatory password resets for affected accounts, as financial systems remained uncompromised.