News Brief: Kwantlen Student Association Manages Internal Data Breach
The Runner received an anonymous tip that the Kwantlen Student Association had been “attacked by ransomware” and consequently lost “confidential personnel data” on May 31. However, according to KSA Executive Director Ben Newsom and President David Piraquive, there is no evidence to support that such an attack was made against the association in hopes of accessing private employee information.
“Nobody was trying to get the data,” says Newsom. “Any time you lose data, it’s technically a data breach of some sort, but nobody had to actually hack through anything. It’s a problem that got on our system and that problem led to data loss.”
He continues, “No personal information was stolen. No personal information was leaked. No student data was lost.”
Piraquive adds that “there were no threats or anything like that” made against the KSA, and that he “has no idea” why an employee might have thought that the data breach was a ransomware attack pertinent to staff. The two of them clarify that it was “internal accounting data” that was lost.
Although Newsom says that he has “theories about why” this happened, he is reluctant to share them for confidentiality reasons.
“Not everyone needs to know about ways to get through our system,” he explains. “We don’t want to publish our security protocol.”
In regards to what has been done to address this issue, information about the breach is under evaluation. One of the conclusions that the KSA drew from this analysis is that its hardware needed to be updated. Staff are currently working on implementing these changes, and “people who were directly affected” by the breach have been alerted, Newsom explains. They’re also working on retrieving all of the data lost as a result of the breach, and soon will be completing a massive upgrade of their internal infrastructure.
“The major upgrade was coming last year. The actual problem that led to this would have probably been caught by that if we were able to do it, but it was a separate issue than just, ‘This hardware’s old. We have to upgrade it,’” he says. “We have 50 people in here with two devices that connect on a wireless signal, so that hardware can’t handle that load.”
Newsom has been working with the KSA since 2010 and has only seen one similar data breach affect the organization during that time.
“That’s why no one had flagged it as a problem up until this point,” he says. “That’s why there needs to be a system in place for reviewing that at least on a yearly basis.”
“It just shows that we have to do better when it comes to backup data servers,” adds Piraquive.