Privacy breach and password change request notice, March 2, 2020

The data was exposed on February 27, 2020, and the issue was identified and corrected on February 28, 2020.

The personal information about you that was disclosed is comprised of the types listed below:

• SFU Computing ID
• SFU student/employee ID number
• First, last, and preferred names
• Birthdate
• Employee group
• Mail lists which the SFU Computing ID belongs to
• Course enrollment
• External email address
• Encrypted passwords were also exposed.
• Data from web forms:
  • 2017 BBY Math Camp Acceptance
  • 2017 Math Camp - Teacher Application
  • 2017 SRY Math Camp Acceptance
  • AP Position in Environmental Economic Geography
  • Apply to Co-op Application Form
  • Burnaby Audio Visual Consultation
  • Campaigner - Email Marketing Service - Sub-Account Creation Request Form
  • Coast Capital Savings Venture Connection - Mentor Meet
  • Collaboration Tool - SharePoint(ol
  • Department of Geography TA Marker Job Application - External
  • Department of Geography TA Marker Job Application - Internal
  • Department of Mathematics - Burnaby Camp Payment
  • Department of Mathematics - Camp Payment
  • Department of Mathematics - K-12 Students & Teachers School Maillist
  • Digital Records Transfer Request Form: Private Records
  • Digital Records Transfer Request Form: University Records
  • Employment Opportunities - Sessional Application Form
  • Employment Opportunities - TA TM Application Form
  • Environment Research Talks
  • Faculty of Applied Sciences - Meet a Student
  • Faculty of Applied Sciences - Student Employment Application
  • Faculty of Environment EnvirO 2017
  • Faculty of Environment EnviroFrosh 2018
  • Faculty of Environment EnvironMentors
  • Faculty of Environment Graduate Student Event Survey
  • Faculty of Environment Profile Photoshoots
  • Finance - Compliments and Concerns
  • Finance - Feedback, Questions, or Comments
  • Finance Program Phase Two
  • Financial Aid and Awards Advising
  • Food for Thought Feedback, Questions, or Comments
  • Formation des enseignants - Programme de formation professionnelle - ANF inscription
  • Gerontology Research Centre Newsletter
  • Graduate Progress Reports FAQ
  • Impacts of Bicycle Infrastructure in mid-Sized Cities - Contact Us
  • India Connect SFU: Entrepreneurship Co-op
  • Institute for the Humanities - Join Our Mailing List
  • International Community Engagement - SFU Academic-CSO
  • Join STAR Institute
  • Language Learning and Development Lab - Parent Registration
  • Math Camp Nomination - Burnaby
  • Math Camp Nomination - Surrey
  • Math Catcher Expectation Agreement
  • Math Catcher Math Camp Application
  • Opportunities in Geography - Online Application Form - Sessionals
  • Opportunities in Geography - Online Application Form - TA (Internal)
  • Parking Lottery Application
  • Phonological Processing Lab Comments and Questions
  • Privacy Breach Report
  • Professional Master's - Visual Computing Application
  • Program Change - Surrey Campus Registration Form
  • Program Change - Surrey Campus Registration Form
  • Research ImageTech Lab
  • SCD Program Application Form
  • School of Sustainable Energy Engineering Newsletter
  • SFU Geography online application
  • SFU Reconciliation Funding Concepts
  • SFU Reconciliation Report Feedback
  • SLC: Academic English Coaching
  • Standardized Equipment Purchase Program Order Form
  • Stay in touch with Faculty of Environment
  • Student Services Admission deferral request
  • Student Services Admissions Team Email
  • Student Services Source - Data: General Request
  • Student-Commmunity Engagement Competition - Register now
  • Student-Commmunity Engagement Competition - Register to Attend
  • Student-Commmunity Engagement Competition - Registration
  • Student-Commmunity Engagement Competition - Submit your idea
  • Students Event Career Workshop
  • Submit a Proposal: Innovate: New Approaches to Canadian International Cooperation
  • Symposium on ath & Computation 2017 Registration
  • The Lighthouse Labs Prize at SFU
  • The Work of Words RSVP
  • Undergraduate Student Writing Contest Submissions 2018
  • Vancouver Campus INgagement program
  • Vollunteer Appreciation Gala Alumni RSVP
  • Vollunteer Appreciation Gala Staff and Faculty RSVP
  • Vollunteer Appreciation Gala Student RSVP
  • Women in Computing Science CodeMavens

Yes, only encrypted passwords were exposed.

While it does not appear that your SFU Computing account has been compromised, taking the precaution now of changing your password will significantly reduce that risk.

You should never use this password again. If you used this password for another service such as alternate email, you should change your passwords there as well. Do not set the password for your SFU Computing account to be the same as you use for other systems or websites.

The immediate steps you should take to protect your personal information, privacy, and identity are:

• Promptly change your SFU Computing ID password. This should only take you 2 minutes. To change your password, click here.
• Use your new password when connecting to SFU Wi-Fi and any online applications such as goSFU, myINFO, SFU Mail, and SFU Vault.
• Monitor personal accounts and memberships of all kinds for any unusual activity over the next several months.

SFU is taking immediate steps to control or reduce the potential harm from this breach and to prevent future incidents. We are:

• Investigating the cause and extent of the data breach and taking further action as appropriate;
• Evaluating the risks associated with the breach and responding to them as we receive more information;
• Reviewing and changing as appropriate physical, procedural, and technical security measures; and
• Reviewing and changing as appropriate internal operating policies and procedures.

You have the right to complain to the University. The procedure for making a privacy complaint to the University is available at https://www.sfu.ca/archives/foipop/PrivacyBreach.html.

You may consult the website for the Office of the OIPC at www.oipc.bc.ca for general information about the protection of personal privacy.  You have the right to complain to the Commissioner by writing to:

Information and Privacy Commissioner
PO Box 9038, Stn. Prov. Govt.
Victoria, British Columbia V8W 9A4
Telephone: 250-387-5629
Email: info@oipc.bc.ca

If you submit a complaint, please provide the Commissioner’s office with:

1. Your name, address, and telephone number;
2. A copy of this letter; and
3. The reasons or grounds upon which you are complaining.

For full instructions, click here.

It will take approximately two minutes to update your password and up to 30 minutes for the new password to be activated.

Activating your new password requires a synchronization process to enable you to authenticate on multiple devices. Password change requests are queued and given the high volumes this process may take up to 60 minutes compared with 15 minutes for normal synchronization.

You SFU Computing ID password will need to be updated for each device. We recommend using the below instructions or contacting an IT Service Centre, Desktop Support Consultant or a local IT staff member for assistance.

Try the following:

• Re-enter your SFU Computing ID and password; or
• Under your Wi-Fi connection settings try the option to forget network. Connect to data. Re-install XpressConnect. Further instructions can be found here. Note: Samsung Internet appears to be more effective than Google for Samsung cell phones.

• Quit Microsoft Outlook and all other Office applications
• Open Keychain Access.app from the Utilities folder
• In the search field in Keychain Access, enter “Exchange”
• In the search results, select each item to view the Account that's listed at the top, and then press Delete. Repeat this step to delete all items for your Exchange account.
• In the search field, enter “adal”.
• Select all items whose type is “MicrosoftOffice15_2_Data:ADAL:<GUID>”, and then press Delete.
• In the search field, enter “office”.
• Select the items that are named “Microsoft Office Identities Cache 2” and “Microsoft Office Identities Settings 2”, and then press Delete.
• Quit Keychain Access.
• Open Outlook again and enter your account information when prompted

• Follow the steps below to clear cached/saved Windows credentials:
• Type ‘Control Panel’ in the search field near start menu. Press enter.
• Select Credential Manager.
• Select Windows Credentials.
• Look for the set of credentials that starts with Microsoft_OC1:uri or MicrosoftOffice16_Data:SSPI:j
• Click on Remove
• Repeat step 4 and 5 for additional sets of credentials that have the word Outlook or MicrosftOffice in the name.

• For both Mac OS X and Windows devices (workstations and laptops), you will need to remove saved credentials.
  
  For Mac OS X follow the steps below:
• Make note of the printer name (e.g. SFU_Print)
• Open Finder. Click Go then Utilities.
• Find the Keychain Access App and double-click.
• Use the side navigation menu and look for category. Click on Passwords.
• Locate the printer name. Right click and select delete.
• Try to print again.
• Check that Registered User button is selected. Enter username in the following format ADSFU\username where username is your SFU Computing ID.
• Enter your new password.
• Check box to Remember this password in my keychain. Click OK.
• For Windows, follow the steps below: 
• Click on the Windows icon in the bottom left to pull up the Start Menu.
• Click on the sprocket icon to open Windows Settings.
• Search for and click on Credential Manager in the Windows Settings window.
• Under Manage your credentials select Windows Credentials.
• Find the entry for your cs-pcut-staff-p.mps.sfu.ca account and click the down arrow in a cirle on the right to expand.
• Click edit
• Enter your password
• Click save