Unauthorized access to UNB systems on Sunday, May 13
On Sunday, May 13, an outside group calling themselves Team Digi7al managed to gain unauthorized access to University of New Brunswick systems through an old section of the UNB website.
What kind of information did the group access?
We’ve been able to determine the group was able to access some general information held in UNB databases such as names and e-mail addresses and generic UNB budget information, but private, personal information such as student, faculty or staff passwords or credit card information was not obtained. The group was able to access an administrator username and password for a tool used to shorten website addresses, and access a list of login ids and passwords used for outside employers to post job opportunities for students.
Who was responsible for this? Was it a student, faculty or staff member?
An outside group claimed responsibility for the incident.
Why did they do this? What was their motivation?
The group appears to be motivated mostly by curiosity. They also did take the step of notifying us of the vulnerability.
How did UNB learn about this incident?
A member of our web group began looking into a message sent by the group early Sunday morning and alerted key staff shortly thereafter. The particular vulnerability was closed in about a half hour from when key staff members were notified.
What did ITS do once it learned about the incident?
In addition to closing the particular vulnerability, a triage group of experts was assembled on Sunday and worked through the day to investigate the incident and conduct a thorough review of our systems for other vulnerabilities.
What are we doing now?
Our team is continuing their investigation and continuing our efforts to further enhance security.
Have police been notified?
Will this happen again?
Like any major organization, individuals and groups from around the world are always trying to gain access. We will continue to work hard to ensure our systems are secure. We’ve learned from this and will continue to improve.
On Tuesday, May 15, CBC Information Morning Fredericton interviewed Terry Nikkel (Associate VP, Information Technology Services) about this incident. To listen to a podcast of the interview, click here.