Student charged with cyber crimes in U of A malware breach
A University of Alberta student faces charges after hundreds of university-owned computers and thousands of passwords were put at risk by malware.
A 19-year-old student has been charged with cyber crimes, including mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system and use of a computer system with intent to commit an offence.
In total, 304 university computers and potentially 3,323 users’ passwords may have been affected.
The U of A is reassuring students and staff their computer systems are now secure.
Anyone potentially affected by the security breach was told following the incidents, Gordie Mah, the university’s chief information security officer, said in a news release Thursday.
On Nov. 22, Information Services and Technology detected malware on 287 computers in 20 classrooms and labs in the Library Knowledge Commons, Computing Science Centre and in the Centennial Centre for Interdisciplinary Science. That incident potentially affected more than 3,300 faculty, staff and students.
The next day, the university notified 3,304 students, staff and faculty members whose university passwords may have been at risk.
A joint police and university investigation discovered malware on an another 17 university computers, which they determined may have compromised 19 people’s passwords.
The two incidents took place between Nov.17 and Dec. 8, 2016, the Edmonton police Cyber Crimes Investigation Unit confirmed in a news release Thursday.
U of A Information Services and Technology warned students, staff and faculty to reset their passwords.
The university said it waited until Jan. 5 to share the information with the entire campus because the police were investigating.
The university continues to monitor the computer systems and has advised Alberta’s Information and Privacy Commissioner about the incident.
Malware involves malicious software and computer programs that allow perpetrators to gain control of a system and potentially steal information.