Cybersecurity Incident (Feb 2021): FAQ

In February 2021, Lakehead University was the victim of a cybersecurity incident. The incident was resolved within weeks thanks to the hard work of Lakehead's Technology Services Centre (TSC) and external cybersecurity experts brought in to support our efforts to restore access to our servers and on-campus computers, and to conduct a forensic review of what happened. 

Below are questions that have been frequently asked about the incident. These will be updated as necessary.

While there's no evidence that any of the information accessed by the malware has been used by a third party, Lakehead University will be reaching out to specific individuals whose information was accessed to inform them and recommend steps they can take to protect their information.

This incident has been taken very seriously, and includes immediate and long-term strategies and investments to strengthen our cybersecurity tools, policies, and procedures.

If you have any questions regarding this matter, please email cyberquestions@lakeheadu.ca.

 

FAQ

What happened?
In February of this year, Lakehead University was the victim a cybersecurity incident directed at our servers and Windows-based University-owned computers. As soon as we became aware of it on February 16, 2021, Lakehead’s Technology Services (TSC) team removed all access to our servers and on-campus computers in order to protect our systems and data as much as possible.

We immediately engaged the services of external cybersecurity experts to support our work restoring access to our servers and systems and investigating what had occurred. TSC gradually restored access to all the affected servers and systems by mid-March.

Our work with the cybersecurity experts has determined that software designed to cause damage to computer networks made its way into Lakehead’s network through a computer workstation on our Orillia campus on February 3, 2021 and eventually spread to 60 of Lakehead’s 240 servers on both campuses before being discovered by TSC on February 16.

By February 25, the malicious software had been removed from our servers and work began to safely restore access to our servers, many of which contained applications and software that various systems on both campuses use. As communicated through updates, TSC and our experts gradually restored access to servers and systems across both campuses, completing that task by mid-March. During that time, we also learned that the incident only affected certain Windows-based servers and systems on our campuses. Apple computers and devices were not affected.

The external team helped us analyze what information stored on our servers was accessed and supported our efforts to further enhance our cybersecurity protocols.  This work continues.

Did the University contact police?
Lakehead University contacted local, provincial, and federal police services about this incident. 

What's back up and running, and what is still out of commission?
With support from external cybersecurity experts engaged by Lakehead, Lakehead’s Technology Services (TSC) team restored access to all the affected servers and systems by mid-March.

Do I need to change my Lakehead username or passwords?
As advised in February 2021, if you kept usernames, passwords, or other sensitive personal information stored on Lakehead’s servers or a Windows-based University-owned computer, as a precaution, we recommend that you change them.

As an added protection, TSC implemented a mandatory, one-time password change for all University accounts. The expiry process requires all users to change their passwords. New passwords should be significantly different from current or previously used passwords, and not simply a change of a single character, number, or letter.

Students, faculty, and staff were also offered a multi-factor/two-step authentication process for their University Gmail accounts, if they’d like more protection.

Can computers be used on campus?
How can I tell whether my computer was affected, or whether it's safe to bring it back to campus?
This incident only affected Windows-based University-owned computers.

Apple computers and devices were not affected.

While students and employees may use Lakehead’s internet networks on our campuses with their personal computers and devices, those who have University-owned Windows-based computers or devices at home must not bring them back to either of our campuses before speaking with Lakehead’s Technology Service Centre by calling Desktop Services at (807) 343-8010 (ext. 8400).

What information, if any, was accessed from Lakehead's servers?
Our immediate concern has been to restore access to our servers and affected systems as soon as it was safe to do so. That work was completed in mid-March. To date, there is no evidence that any information was used by a third party.

The cybersecurity experts helped us investigate and ascertain what information was impacted during the incident and enhance our cybersecurity protocols. This work continues.

What are you doing to protect those whose information may have been ask accessed?
While there’s no evidence that any of the information accessed has been used by a third party, Lakehead University is reaching out to specific individuals whose information was accessed to inform them and, out of an abundance of caution, recommend steps they can take to protect their information.