According to UOSU, information was available from Dec. 7, 2020 to Jan. 5, 2021
The University of Ottawa Students’ Union (UOSU) released an incident notice on Thursday afternoon taking responsibility and expressing regret for a public document on its website that shared the personal information of students using the Food Bank.
“The University of Ottawa Students’ Union wishes to notify Food Bank users of an incident involving personal information provided to the University of Ottawa Students’ Union Food Bank (UO Food Bank),” read the notice. “We take our responsibility to protect our members’ personal information seriously, and we sincerely regret that this incident occurred.”
UOSU is offering a “one year subscription to [Equifax’s] Complete Premiere Credit Monitoring and Identity Theft Protection Service” to students whose name and information figured on the document that was made public.
The UOSU says that “affected students will shortly receive instructions on how to enroll in the Equifax program free of charge.”
On Wednesday morning, the Fulcrum published a story detailing that the information of multiple University of Ottawa students who used the University of Ottawa Students’ Union (UOSU) Food Bank was publicly available on the union’s website. According to the UOSU, the information was available from Dec. 7, 2020 to Jan. 5, 2021.
A total number of 111 students were listed on the document along with their personal student numbers and emails. Although 111 names were listed on the document, UOSU states that only 94 students’ information were available to the public.
The document also contained the phone numbers of 62 students and featured a list of items with the number of times they were requested by students.
The union is blaming the incident on “an employee of the UOSU [who] mistakenly and unintentionally configured a Google Form so that it contained a link entitled ‘see previous responses.’ ”
“We are taking steps to ensure that such an incident does not occur again, including revising our processes for collecting personal information to reduce the risk that personal information could be mistakenly made available to unauthorized individuals,” ensured the UOSU in the incident notice.
Students affected are being warned by the UOSU “to be alert for ‘phishing’ emails or text messages by someone who acts like they know them and requests sensitive information over email, such as passwords, Social Insurance Numbers, or bank account information.”
“Do not open attachments or click on links in emails or text messages from senders that are unknown or are unexpected,” advises the union in its notice.
The incident notice also states that “If an individual suspects that they may have been a victim of identity theft or fraud, they should consider contacting their local police and visit the Canadian Anti-Fraud Centre for support. They should also review the RCMP’s Identity Theft and Identity Fraud Victim Assistance Guide for steps they can take if they are the victim of identity theft or identity fraud.”
Any students who have questions about the incident are encouraged to contact the UOSU’s advocacy commissioner Tim Gulliver. His email and phone number can be found at the bottom of the union’s incident notice.