September 4, 2020 |
Students and staff at the Royal Military College won't know until mid-September whether their personal information has been compromised, more than two months after a cyber attack forced the shutdown of the organization's computers.
An extensive review of information contained on the college's computer-based academic network is underway, according to the Department of National Defence.
That network is used for general administration, student communications and research.
“Initial indications are the extent of the compromise appears limited primarily to non-classified administrative information and correspondence,” DND spokeswoman Christina Kasper said in an email. “When the review is complete, a general statement based on findings will be shared with all network users regarding the extent of the compromise.”
The cyber attack took place July 3.
“If, during the course of the assessment, it is determined any personally identifiable information was compromised, individual network users who were found to be at risk will be immediately and directly contacted by the chain of command,” Kasper added.
She noted that the office of the Privacy Commissioner was notified about the incident at the college in Kingston, Ont.
RMC professors have been told not to access or retrieve their files on college computers, even with a USB stick. Staff and students have also been trying since July 3 to find out if their personal data has been compromised.
But an email summary of an Aug. 25 town hall that took place to discuss the computer attack acknowledged very little information is being provided by the college.
“Very few specific concerns were addressed in the town hall other than the presentation of the computer network issues that transpired and the way ahead for re-implementation of the RMC network,” the email to staff noted. “Personal data loss was mentioned as a possibility that had been brought up in the media. There is currently an ongoing investigation with the goal to determine define what may have transpired and to inform any that may be affected. No other details were provided.”
Global News reported Aug. 18 that what appears to be data from the Royal Military College was leaked on the dark web. Many of the files appear to include student progress reports, acceptance letters, as well as a myriad of financial documents like tax receipts and budgets for various departments, Global News noted.
DND has not confirmed whether the information on the dark web came from the college's computers.
The college's academic computer system is separate from the operational computers used by DND and the Canadian Forces and corporate networks were not affected by the attack.
“All early indications suggest this incident resulted from a mass phishing campaign,” said DND spokeswoman Jessica Lamirande. “This incident has not affected any classified systems or classified research at the Royal Military College.”
The RCMP's National Cyber Crimes unit is investigating.
Lamirande said the Royal Military College expects its fall academic term to begin as scheduled on Sept. 8.