Accessing 2,000 personal records 'exceptionally easy' says Laurentian student
University notified staff and students about breach in January
It was on a Friday night in January, that Spencer Brydges realized he could see things he wasn't suppose to in the Laurentian University computer database.
He says he was following up on some vulnerabilities he had noticed a few weeks before and now found he could access personal records including passwords, phone numbers, grades and whether or not a student had been to see a counsellor.
"Yeah, it was exceptionally easy. Trivial almost," says the comptuer science student.
"I did have access to pretty much the whole system. People's privacy was at risk, but that wasn't my intention."
Brydges says he wrote up a report and send it to the university's information technology department, something he says he had done a few years earlier when he was able to access the Laurentian parking database.
He says the university has launched an investigation and contacted Greater Sudbury Police, which is also investigating.
Brydges says he has been temporarily banned from the Laurentian campus during the investigation, but is continuing his studies remotely.
"This isn't the response I was looking for. And the fact of the matter is, I do believe at the end of the day that this would be appreciated," he says.
'We do everything we can to make sure the information is safe'
A letter was sent to all the Laurentian employees and students whose information may have been compromised.
"Although it is our view that the acts of the unauthorized student were malicious, our current belief is that your personal information was not accessed for the purpose of identity theft," reads the letter.
Laurentian Chief of Staff Alex Freedman says while at one point they thought the intention may have been to change grades, that has been ruled out.
"What we found is that they were likely doing this to prove a point," says Freedman.
I don't think any organization anywhere on this planet would be able to say all our information is always secure.- Alex Freedman, Laurentian University Chief of Staff
He says the university, like most large organizations today, are under constant threat of cyber attack and this breach shouldn't be seen as a sign that Laurentian is especially vulnerable.
"We do everything we can to make sure the information is safe and we take the privacy of the information contained in this university very seriously," says Freedman.
"I don't think any organization anywhere on this planet would be able to say all our information is always secure."
Brydges says he isn't upset about Laurentian's response and is confident that the investigation will find that he did nothing wrong.
"They don't know what I could possibly know about students, what I could have on students," he says.
"I'm going to give them some leeway."