The Aquinian has learned St. Thomas University’s online recruitment portal for Grade 10 and 11 prospective students was compromised and the service was interrupted on April 1, 2017.
The university doesn’t know the exact number of prospective students whose data was compromised, but “it did have an impact,” said associate vice-president communications Jeffrey Carleton. Carleton said that impact is hard to measure on a student-by-student basis, but that, “it wasn’t insignificant.”
The services that were interrupted included program applications, scholarship and bursary applications, residence applications, offers of admissions and campus tour booking.
The data breach meant the university lost the ability to pull some prospective student data and communicate with students moving forward. There was no student data taken from the server and the breach had no effect on current student data.
“It’s fair to say that it was a loss for us,” said Carleton, adding that the kind of data compromised was “very narrow.”
Prospective students were informed that their data was compromised, said the university.
Data restored
The university and the database company had to spend the summer rebuilding the data for the Grade 10 and 11 prospect pool by using email lists and sending out inquiry cards. The recruitment database itself was back online and operating within a few days.
The university doesn’t believe that it would have impacted students’ decisions to attend STU.
“If you look at the date that it happened, April 1, March 1 was the deadline for scholarship applications … so students who were thinking of St. Thomas, they would have already applied … we think the impact would have been minimal — there would have been some impact, [but] it’s very difficult to say [how much],” Carleton said.
The recruitment system has now been operational for months, but the university has made the decision to do a request for proposal for a new recruitment database system.
“We expedited our plans to issue an RFP to look at a service provider for this piece of technology for us and we expect to have that in place in the spring and summer of 2018,” Carleton said.
The RFP period closed in October and they received a number of proposals. The IT team at STU will be looking at a number of RFPs in detail and hope to see presentations from them in November, “and be in a position to make a decision on a recruitment system come December and then begin the implementation for next year.”
No cause for concern
Students have no reason to be concerned, said the university.
“This is an external service provider for a very narrow and particular type of portal service, so there’s absolutely no reason for students here to be concerned,” Carleton said.
Heather MacLean, communications and public policy professor at STU, said institutional data breaches will “absolutely” continue to happen with increasing frequency in the future.
MacLean is also the chief marketing officer of TaylorMade Solutions, a New Brunswick company specializing in business, marketing and communications.
“There’s more and more of this happening all the time,” she said.
“It’s just growing and growing and growing and everything our society is doing is digitized. Everything that we do, we’re putting out data, whether it’s having a vacuum cleaner that’s remote and going through your home or tracking and monitoring your home … it’s everywhere and we’re reliant on it for our society and doing business,” MacLean said.
She emphasized the need for training and education in order to prevent future data breaches from happening
“I don’t think any organization is without risk. It’s not ‘if’, it’s ‘when.’”