An e-mail circulated to TRU students and faculty regarding a possible privacy breach sent some into a mild panic. Christopher Seguin, President of Advancement and spokesperson for TRU, would like to assure all those potentially involved that the problem has been addressed and the university continues to review both its privacy and security practices, as well as internal software.
The software bug was detected in the myTRU portal between October 2012 and March 16, 2015. When two individuals attempted to reset their portal passwords at exactly the same time, potentially one of these individuals could gain access to the other’s portal.
Photo Credit: MyTRU.ca
Seguin wants to stress the context in which this was possible. For a breach to arise, users would not only have to log in to the myTRU portal , but also change their password, and only simultaneously with another user. The probability of such an occurrence is dramatically small.
Yet in the interests of full disclosure TRU issued this warning to students and staff.
“The chances that info was used with malicious intent, are very, very low,” says Seguin. While other media outlets are reporting specific cases associated with the breach, Seguin says, emphatically, that no link to misuses can be confirmed to the breach at TRU.
The university has since disabled the myTRU Automatic Password Re-set feature, and TRU is currently working on a new method of authentication to be made functional in the next short time period.
