On December 5, 2024, Centennial College learned that the email account of a Centennial College employee was compromised by an inbox rule which automatically forwarded received emails to an external, third-party email inbox. On discovering this rule Centennial College immediately took action, including by disabling the auto forwarding function for Centennial College emails, refreshing Centennial College’s email policies and procedures, and by retaining outside experts to investigate the scope of the incident’s impact.
On investigating the inbox, we learned that certain emails contained spreadsheets listing students graduating from Centennial College between 2015 and 2023.
If you were a graduate of any program at Centennial College between 2015 and 2023, the following information of yours was forwarded:
- Full legal name;
- Centennial College student number;
- Date of birth;
- Gender;
- Graduation year; and
- Funding status.
We would like to emphasize that there is no evidence that this information was accessed or otherwise misused.
What can you do to protect yourself?
We encourage you to always remain vigilant against the impact that can result from a cyber incident by noting the following recommendations:
- If you receive emails purporting to be from Centennial College asking for financial, health or any other sensitive information, please consider the email or text may be fraudulent, and contact us immediately without responding to the email or text.
- Change your passwords regularly and make sure they are secure. Do not use the same passwords for your work and personal accounts.
- Avoid sharing your personal information unsolicited, whether by phone, email or on a website.
- Avoid clicking on links or downloading attachments in suspicious emails.
- If you notice any suspicious activity, report the incident to the appropriate authorities (e.g. your bank, the College via privacy@centennialcollege.ca, the police, etc., depending on the nature of the activity).
Supports available to you
We want to stress that Centennial College is not aware of any access to or misuse of this information. You should always remain vigilant for phishing emails – please review this resource from the Canadian Centre for Cybersecurity for more information on how you can protect yourself from the risk of phishing.
Other steps being taken
We have reported the incident to the Information and Privacy Commissioner of Ontario (IPC) and are in the process of notifying all affected individuals, though you are entitled to make a complaint to the IPC. For more information, please visit the IPC website at https://www.ipc.on.ca/ (Address: 2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8; Telephone: 416-326-3333, 1-800-387-0073). If you have any questions or concerns about this incident, please contact us at privacy@centennialcollege.ca and we will be happy to assist you.
We deeply regret that this incident occurred and apologize for any inconvenience it may have caused.
Sincerely,
Centennial College Privacy Office