The University of Winnipeg first brought news of a cyber attack to our community last week. Regrettably, we are confirming that the individuals who attacked us stole information.
We have been investigating since the cyber incident first came to our attention on March 24, 2024. We have now confirmed that data from a University file server has been stolen and that the stolen information likely includes the personal information of current and former students and employees.
Our investigation is continuing, but at this time we believe the theft most likely occurred in the week before March 24th, and we have identified the following exposure.
| Population likely affected | Information exposed |
|---|---|
| All current employees and all former employees employed since 2003 | Names, social insurance numbers, dates of birth, street addresses, phone numbers, and compensation information |
| All current employees and all former employees employed since 2015 | Bank account information |
| All students enrolled in University of Winnipeg undergraduate and graduate programs since the academic year beginning in September 2018 This does not include Professional, Applied and Continuing Education (PACE) students, English Language Program students, and University of Winnipeg Collegiate students |
Names, programs of study, street addresses, student numbers, dates of birth, social insurance numbers (domestic students only), fee and tuition amounts, gender information, and marital status information |
| All students enrolled in Professional, Applied and Continuing Education (PACE) and English Language Program (ELP) programs since the academic year beginning in September 2019 This does not include undergraduate and graduate students and University of Winnipeg Collegiate students |
Names, programs of study, street addresses, student numbers, dates of birth, social insurance numbers (domestic students only), and tuition amounts |
| All students to whom the University issued T4A forms since 2016 | Names, street addresses, social insurance numbers (domestic students only), and funding amounts |
As a proactive step, we will be providing individuals who are likely affected a two-year credit monitoring service. This is a service that allows one to check for signs of identity fraud so protective action can be taken. Enrolling in the credit monitoring service provides you with excellent protection as you can ensure you receive an alert immediately if anyone attempts to open a credit account in your name.
In the coming days, we will begin e-mailing and mailing codes along with instructions about how to enrol. You do not need to contact us for a code; however, if you are a former employee or student and would like to update your address, please e-mail incident.support@uwinnipeg.ca. We will send future communications to your updated address. If you are included in one of the groups listed above and do not receive a code within two weeks, please email us at incident.support@uwinnipeg.ca.
We continue to investigate to determine whether others are affected, and will provide further notifications based on our findings. This investigation may take time, possibly months. In the interim, we have notified both law enforcement and the Manitoba Ombudsman.
Our community has been subject to a cyber crime. It is disturbing that higher education institutions like the University and other public sector organizations are being targeted by cyber attacks. This has been a terrible incident that has directly impacted our community, and for that we are deeply sorry. Rest assured that we will carefully consider the results of our investigation with a commitment to emerge from this incident with stronger cyber defences.
An FAQ containing more information can be found on our Incident Updates page. If you have questions that are not answered on that page, please email us at incident.support@uwinnipeg.ca or call our dedicated support line between 8:30 a.m. and 4:30 p.m. at 204-786-9325.
