MUN investigating Grenfell cyberattack as classes pushed back a week
It’s unknown if personal information has been leaked
Days after a cybersecurity attack at Grenfell Campus in Corner Brook, the resumption of winter classes has been pushed back a week and email services are still down, while vice-president Ian Sutherland said Wednesday an investigation is underway to determine the scope of the problem.
He said the school became aware of an information technology service issue on Dec. 29 and enacted emergency protocols to contain it. As a precaution, he said, the Marine Institute's IT services were also temporarily shut down.
"As part of our protocols, whenever an incident like this happens, we need to shut down our IT services to focus on containment. And that was of course done," Sutherland told CBC News.
"And I think one of the success factors of this, is that the issue has been contained to Grenfell Campus, so not impacting currently any of the other campuses of the university."
Services like MUN email accounts aren't operational, although Sutherland said they are looking into workarounds for that problem.
"If there has been any data that has been leaked or lost, we will of course inform those directly impacted as soon as we possibly can," said Sutherland.
He pointed to a "rise in cybersecurity issues" across the university sector in Canada, but couldn't say why it happened at Grenfell specifically.
In an email, MUN spokesperson Chad Pelley said the school contacted the RCMP's National Cybercrime Coordination Centre and the Royal Newfoundland Constabulary, as well as the Canadian Centre for Cyber Security and the Canadian Anti-Fraud Centre, on Dec. 30.
Following protocols
Memorial University associate professor and computer security expert Jonathan Anderson said he couldn't talk about the specifics of this incident but it looks like the university is actively tackling the problem.
"In general, initially you're really looking for people to kind of accept that there is a problem, start acting on it, start containing the problem, limit the damage to other operational kinds of systems and to start doing investigative work and preserving evidence if it's needed for law enforcement or other authorities," Anderson told CBC News.
While it's still early days after the cyberattack, Anderson said these are good signs.
In these cases, he added, it's important to isolate systems so the problem doesn't spread and compromise more systems, and to ensure it doesn't become a provincewide issue.
He said there are a number of reasons as to why a person or group might want to access a university system, including pre-commercialized technology and intellectual property theft.
"In some cases it could be a very vanilla, box-standard kind of motivation, like ransomware or something like that," said Anderson.
"We don't really know in this particular case, but there are lots of reasons that somebody might be interested in causing havoc, and it might be, as they say, for fun or for profit."
Faculty brace for impact
Memorial University of Newfoundland Faculty Association president Josh Lepawsky has concerns over how the administration has been communicating with Grenfell faculty over the cyberattack.
He said Grenfell faculty had their first emergency meeting on the situation Wednesday morning and they have been told faculty will need to return laptops and computers that were issued by the university for a checkup.
In the meantime, Lepawsky said, faculty have been told they might have to use their own devices for courses, which he described as "problematic, to put it mildly."
Lepawsky is also concerned that the suggested workarounds — faculty using their own devices for work — haven't been thought out, as these devices have personal data on them.
"And so employees are being put in a situation where they are, in effect, being asked to risk their personal data security in order to do their job," he said. "It is an emergency situation. Faculty, you know, need and want to do their job, but we also have to have the appropriate tools provided by the people who employ us."
IT problems could also have impacts on research being carried out by faculty, he said.
While he said the administration has said in-person classes will start on Monday, he doesn't think it will be a smooth transition, though he understands that faculty and administration are doing what they can under the circumstances.
CBC News requested an interview with Education Minister Krista Howell but was instead sent an email on behalf of the department by spokesperson Lynn Robinson, who said MUN is an autonomous institution and questions should be directed to the university.
However, Cape St. Francis MHA and PC digital government and services critic Joedy Wall said he's worried about the silence from the Liberal government on the issue.
"The security incident is very concerning. We had our first one in the province back in 2021 in our health-care system and one of the worst in the country. And here we are now in 2024 with another security breach in our education system," said Wall.
Wall said he understands MUN and the government are separate entities but the government should be proactive on the issue of curbing cybersecurity threats.
He added that MUN had said a spokesperson would be available in the coming days to talk more about what happened, but suggested that's little consolation to students who are worried their financial information might have been compromised.
With files from Colleen Connors