Students at the University of Guelph have been notified of a third-party data breach, potentially exposing personal information like names, student numbers and dates of birth – all of which could be used for identity theft.
The breach, which happened on March 10, was through a third-party security company used for secure file transfers between Gallivan, the student health, dental and wellness program provider for students at the university, and their administration systems, service partners, and the Central Student Association (CSA).
In a notice Gallivan sent to students on July 26, it said itsy are currently unaware of the information being “misused” anywhere, and that it's taking a “comprehensive and proactive approach by providing information about the incident, our response, and steps you can take to help protect your information.”
Regarding why students were only notified of the breach months after it happened, U of G director of communications Deirdre Healey said the “third-party data breach does not involve University of Guelph systems,” and that “questions around notification timelines should be directed toward Gallivan as they are responsible for the notification.”
Gallivan and the CSA could not be immediately reached for comment.
Healey noted the university was informed of the incident by the CSA, and has been "supporting the CSA facilitating Gallivan's notification to impacted students."
"Impacted students are welcome to contact the university's privacy office with general questions or concerns about their data," she said.