Software Error Exposes Ryerson Student Information
Quick Facts
- Date: 2/23/2009
- Institution: Ryerson University
- Type of Incident: Unauthorized Disclosure
- Number Affected: 588
- Source: DataBreaches.net
- Abstract Source: CNW
Abstract
Ryerson University is working to notify students after it became aware of an error in the University's Student Administration System (SAS) that potentially exposed student information. The error in the SAS system allowed individuals using SAS to view others' personal information including names, genders, dates of birth, student numbers, mailing addresses, email addresses, and Social Insurance numbers. Ryerson became aware of the error when three students notified the university in late December and early January. Ryerson installed a software patch on January 9th to fix the problem and hired Ernst & Young to investigate the vulnerability. The investigation determined that as many as 366 students had access to the personal information of others and that the patch installed fixed the vulnerability. Ryerson University President Sheldon Levy has commended the three students that alerted the university to the error for their initiative, integrity and sense of responsibility.
