Quick Facts

• Date: 2/23/2009
• Institution: Ryerson University
• Type of Incident: Unauthorized Disclosure
• Number Affected: 588
• Source: DataBreaches.net
• Abstract Source: CNW

Abstract
Ryerson University is working to notify students after it became aware of an error in the University's Student Administration System (SAS) that potentially exposed student information. The error in the SAS system allowed individuals using SAS to view others' personal information including names, genders, dates of birth, student numbers, mailing addresses, email addresses, and Social Insurance numbers. Ryerson became aware of the error when three students notified the university in late December and early January. Ryerson installed a software patch on January 9th to fix the problem and hired Ernst & Young to investigate the vulnerability. The investigation determined that as many as 366 students had access to the personal information of others and that the patch installed fixed the vulnerability. Ryerson University President Sheldon Levy has commended the three students that alerted the university to the error for their initiative, integrity and sense of responsibility.

Quick Facts

• Date: 10/14/2008
• Institution: Ryerson University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Eyeopener Online

Abstract
Ryerson University is currently investigating how boxes containing sensitive documents could have been left unsecured in empty offices. The boxes, located in Kerr Hall South, contained payroll stubs, student numbers, grades, exams, staff tenure reports, and resumes. The boxes themselves contained labels such as "shred" and "confidential". The offices where the boxes were found were last used by the industrial engineering department in late 2007. According to Heather Driscoll, the university's FIPPA coordinator, it doesn't matter if the university can tell definitively whether or not anyone read the documents. For Driscoll the problem is that the documents were left unsecured in the first place.

Quick Facts

• Date: 3/13/2007
• Institution: Ryerson University
• Type of Incident: Unauthorized Disclosure
• Number Affected: Unknown
• Source: ESI
• Abstract Source: The Eyeopener

Abstract
Ryerson University students lodged complains last week that certain Ryerson Web sites and e-mails sent by professors violated Canada's Freedom of Information and Protection of Privacy Act (FIPPA). These sites contained listing of student names, student ID number and grades. Posting grades with student ID numbers (with the last 2 digits removed) in public forums is a regular occurrence. However, it is the inclusion of student names along with full student ID numbers that spark student complaints. Ryerson general counsel and secretary to the Board of Governors Julia Hanigsberg urges all students to immediately notify the university if they notice anything they are concerned about.