[BreachExchange] Hackers demand $30, 000 ransom from University of the Fraser Valley

Destry Winant destry at riskbasedsecurity.com
Wed Nov 1 21:41:59 EDT 2017


http://www.metronews.ca/news/vancouver/2017/11/01/university-of-the-fraser-valley-investigating-breach-of-student-information.html

The personal information of more than two dozen students attending the
University of the Fraser Valley in British Columbia has potentially
been breached online.

Spokesman Dave Pinton said the Abbotsford-based university and police
are investigating suspicious email related to the disclosure of
"limited personal information" of 29 students.

The information involves names, emails, phone numbers, addresses,
grade point average and in one case, limited financial information.

Pinton said whoever sent an email to students on Monday a demanded
$30,000 ransom.

The university temporarily suspended access to some student and staff
web systems and is working with the students and investigators, he
said. The Office of the Information and Privacy Commissioner of B.C.
has also been notified.

"UFV takes the security of our email and information systems very
seriously," he said, adding that the university is keeping students
and staff updated on the availability of its online systems.

Abbotsford police say they were contacted by the university on Monday
about demands for money involving the students' information.

Const. Ian MacDonald said the incident has been deemed an extortion
attempt and computer forensic experts within the department's major
crime unit are involved.

The case appears similar to phone or email scams where fraudsters
pretend to be police or government officials and demand the victim pay
a fine or face detention, he said.

Investigating scams can be a challenge, particularly  online where
perpetrators try to cover up their digital fingerprints or victims pay
ransoms with Bitcoin or gift cards, MacDonald said.

"From a policing standpoint we try to do as much as we can by way of
prevention before people get separated from their money," he said.


More information about the BreachExchange mailing list