Community Updates

ECU Library & BC Libraries Cooperative: Notification of Privacy Breach

This post is 6 months old and may be out of date. View the latest from Library →

Library
By Hillary Webb

Posted on | Updated

Filed in Faculty, Staff, Students

On April 25, 2024, the BC Libraries Cooperative notified Emily Carr University (ECU) that the organization had experienced a cybersecurity attack, resulting in a privacy breach. The attack impacted the Cooperative’s Integrated Library System (ILS), which provides the ECU Library with various services such as support for managing, cataloguing, and circulating library materials.

The Cooperative informed ECU that log files on their servers were obtained by an attacker, which included the email addresses and phone numbers of ECU community members who received automated notifications from the ECU library system (i.e., checkout notices, overdue notices, hold notifications) between March 27 and April 19, 2024.

The Cooperative has confirmed the breach was limited to email addresses and phone numbers. This means that:

  • The content of the email/SMS notification attached to the email address/phone number was NOT leaked; and
  • No other personal information of ECU community members was leaked.

To clarify, the leaked information does NOT say what the notifications were about and does NOT reveal any other information about ECU community members or their library-related activities, such as checkouts and holds.

We apologize for this breach, and we are working closely with the Cooperative to remediate and resolve the breach and minimize its impact on those affected. It is our understanding that the most likely risk stemming from this information leak is the use of email addresses and phone numbers to generate spam or phishing messages. We highly recommend you refer to the Canadian Anti-Fraud Centre for more information about how to protect yourself from spam or phishing messages.

In addition, it may increase the likelihood of receiving spear phishing messages – messages pretending to be from a person or system you are known to communicate with requesting money. Please know that the ECU will NEVER ask for your financial information nor any other personal information via email or SMS like your Social Insurance Number or bank account information.

If you have any further questions about this privacy breach, would like to report a suspicious email or SMS you have received, and would like more guidance about protecting your personal information, please contact ECU’s Privacy Office at privacy@ecuad.ca