At Ryerson, we believe an informed community is a safer community.
Recently, our campus was subjected to a breach of cybersecurity, which impacted both our academic integrity and learning environment. Hardware keystroke loggers were used to obtain personally identifiable information (PII) of faculty such as logins and passwords. As a result, several course grades and intellectual property have been compromised; particularly a midterm examination conducted in an upper-level Faculty of Science course. We understand the impact this incident has had on our academic environment and are actively working to rectify the situation.
Cybersecurity is a priority at Ryerson. At this time, the full extent of the breach remains unknown. Ryerson and its various branches are gathering additional information that will result in appropriate action for those affected. In particular, our Computing and Communications Services (CCS) Department is conducting an audit that will gauge the impact this incident has had on the technological resources that Ryerson is able to offer its staff, faculty and students.
In its commitment to continually improve our cyber-environment, Ryerson allocated approximately $3.4 million to cybersecurity infrastructure within its 2017-18 budget (Chandler, 2017). In light of this breach, Ryerson University is considering a robust update of its hardware fleet. This may consist of providing staff with laptops, which are inherently much more difficult to tamper with. The aforementioned CCS technology audit will determine the need for such action, with further information to follow. Our goal is to ensure this incident is not repeated in the future.
Ryerson takes our learning environment seriously and reassures the community that the responsible individuals will be reported accordingly. We would like to note that the malicious hardware, stolen materials and artificially changed grades are violations of academic integrity and are considered to be academic misconduct. According to Section 2 of Policy 60, “Any behaviour that undermines the University’s ability to evaluate fairly students’ academic achievements, or any behaviour that a student knew, or reasonably ought to have known, could gain them or others unearned academic advantage or benefit, counts as academic misconduct.” (Academic Integrity Office, 2018)
In regards to the invalid midterm, the Faculty of Science will implement an equitable solution that will consist of the choice between a makeup assignment or the pooling of missing marks to the final examination.
In closing, we appreciate your patience as we remediate this unfortunate occurrence. We value all members of the Ryerson Community and their contributions to our diverse learning environment.
We are working hard to find a permanent solution to cyber hacking, by becoming aware of possible threats and vulnerabilities, you can help to protect Ryerson as well as yourself (Computing and Communications Services).
Here are some steps you can follow:
- Use two-factor authentication for “all applications” because passwords don’t provide enough protection for your Ryerson account and everything it can access.
- Master the common traits of phishing emails and how to report and delete them.
- Install and automatically update antivirus software.
If you suspect that your hardware has been tampered with please contact our IT department with your concerns.