The University of New Brunswick is on alert after email addresses were released during a massive data breach in January.
UNB email accounts were found in a large-scale data dump referred to as “Collection 1.”
Erik Denis, the senior cyber security officer at UNB, offered some explanation of the event for the uninformed.
“Collection 1” was not a single breach, but a compilation of thousands of breaches over a few years that involved millions of unique email addresses and passwords.
David Shipley, CEO of Beauceron Security, said the collection demonstrates just how widespread the organized “cybercriminal underground” is.
“It demonstrates that, when it comes to cybersecurity, the world is in a far worse state than the average consumer would ever imagine,” he said. “It is going to take the better part of a decade before we can really see improvement.”
Shipley said cybercrime is a “booming business” and data breaches occur all the time. A second, third and fourth iteration of this type of collection have already been released.
Denis said the university’s system was not hacked. The emails found in the collection are a result of people using them for accounts on various websites.
When a website is hacked, the hackers can gain access to the login information of users, which can then be tested against other servers, according to Denis.
It is possible that there were attempted breaches against the UNB system, but were unsuccessful as none of the passwords were compromised. Denis said the danger arises when an individual uses the same password for multiple accounts, as that give hackers a way in to other websites and more personal information.
He said if your information has been compromised once, you are at a high risk to be a victim again.
“The risk is when hackers see certain address or people who are part of a breach, they are targeted more,” Denis said.
Universities are often targets of cyber attacks as they have access to vast amounts of data. The University of Calgary paid a $20,000 ransom to hackers in 2017 after malware encrypted critical files and shut down access to the school’s wireless internet network.
The University of Alberta and Carleton University have also experienced cyber attacks.
UNB has sustained its fair share of breaches. The majority have occurred as a result of human error. A right to information request filed by The Brunswickan found 70 breaches between Jan. 2016 and Nov. 2018.