Personal data may have been compromised during the cyberattack that targeted Montmorency College last week. Student data would have been spared, but a credit monitoring service is offered to employees.
Posted at 5:00 a.m.
Still ongoing, the investigation into the cyberattack “demonstrates that certain personal information on the College’s computer servers may have been compromised,” says an internal management opinion obtained by The Press.
“According to the information we have, only part of the College’s computer systems seem to have been subject to data exfiltration, and this, for a limited period,” it says.
Without confirming that damage has indeed been done to the personal data of employees, the Cégep does not confirm that they have been spared. However, management has no evidence to suggest that students’ personal information has been stolen.
“Our investigation is still ongoing and to the extent that we should conclude that other personal information may have been compromised, we will notify those affected,” said the establishment’s spokesperson, Marilyn Doucet.
On May 11, the Laval college was the victim of an intrusion into its computer system.
Judging the threat to be serious, management requested the assistance of the Cyber Defense Operational Center of the Government of Quebec, the Ministry of Cybersecurity and Digital Technology and the firm KPMG, which specializes in cybersecurity. The Laval police were also called upon.
The group behind the cyber attack and its demands are still unknown. “You will understand that we cannot comment on these issues which are the subject of an investigation”, explains Mr.me Sweet.
However, management confirms that it is working with legal advisors from Toronto and Montreal in this case.
The Ministry of Cybersecurity and Digital had not responded to our questions at the time of this writing.
Protection for staff
In anticipation of a potential data theft, Collège Montmorency offers the services of a credit file monitoring company to its employees.
“Steps are underway to activate this protection for all affected individuals,” the internal notice said. The measures to be taken in the event of compromised information will soon be communicated to the staff, it is specified.
An access line to a resource specializing in helping relationships was also made available to employees.
Eventful end of session
The cyberattack disrupts the end of the student session. The school’s internet network, like the grades portal, is still inaccessible. Classes and activities continue despite everything.
Two days after the incident, the students were back in class. The management had decided to lift the courses in order to take the time to remedy the situation.