We wish to advise the McGill community of a security breach related to student records stored on one of our file servers. Files that included the names and partial academic records of students who had been enrolled in some academic programs at McGill a number of years ago were mistakenly made accessible using the search engine located on McGill’s homepage. Such files are normally reachable only via password-protected login.
A preliminary investigation indicates that on Thursday 26 April various modifications to the software code of McGill’s search engine were made and that one of these changes caused the problem. By the afternoon of Friday 27 April access to the file server and its contents were once again blocked to unauthorised users.
I have mandated the Chief Information Officer and the Registrar to review administrative processes, technical procedures, testing practices for upgrading software, and the data and systems architecture of our file servers and information systems in order to ensure that errors of this type do not recur.
McGill University takes the privacy of student records and the security of its information systems very seriously. All affected individuals will receive a personal notification. In the meantime, we convey our sincere apologies for this incident.
Prof. Anthony C. Masi, Provost