Cyber Incident Victim: Alma Mater Society of Queen's University

In early 2023, the Alma Mater Society (AMS) of Queen’s University disclosed that email addresses associated with its organization were compromised due to a cybersecurity incident involving Twitter. Between January and March 2023, scraped user data from Twitter was leaked on a dark web hacking forum, impacting Twitter accounts registered with AMS email addresses. The AMS clarified that the breach originated exclusively from Twitter’s systems and did not result from vulnerabilities in AMS’s internal security infrastructure. Exposed data included email addresses, full names, screen names, and additional personal information potentially stored within the affected Twitter accounts. The AMS emphasized that no AMS accounts, systems, or databases were directly breached, as the compromise was confined to Twitter’s platform. The organization’s IT team confirmed the incident’s external origin and focused on identifying the scope of affected email addresses.

The AMS publicly addressed the incident through a news release on March 28, 2023, to clarify the breach’s limited scope and reassure stakeholders. It explicitly stated that the incident was unrelated to AMS account security and stemmed solely from Twitter’s data exposure. No specific remediation actions were detailed beyond the IT team’s commitment to monitoring potential security incidents and disseminating information promptly for internal remediation. The compromised data posed risks of misuse, such as targeted phishing or identity theft, for individuals whose Twitter accounts were linked to AMS emails. The organization did not report operational disruptions or financial losses resulting from the incident, as its internal systems remained unaffected. The disclosure aimed to promote transparency while redirecting accountability to Twitter’s security practices.