Student Service Centre Software Issue

On September 3, 2014, a software bug was discovered in the online Student Service Centre (SSC) that may have exposed personal information to other users of the system. The bug existed in the system for about two years (Nov 14, 2012 to Sep 5, 2014) before we discovered and removed it. The number of individuals affected by this bug is small, and the risk to the affected individuals is extremely low.

How many people were affected?

The bug manifested because a section of code could not respond fast enough when two students clicked on a link to view their Electronic Funds Transfer (EFT) banking details within 1/10th of a second of each other—a very rare occurrence. We have been able to determine that about one in 1,000 students who stored EFT information in the SSC may have been affected by this bug.

What happened?

In those rare cases where the bug was triggered, the system would display one user's information to the subsequent user. The information that would have been displayed in this case is the same information that appears on a personal cheque (account holder name, financial institution number, transit number, and account number).

How could this affect me?

While we understand that students may be alarmed about the possible disclosure of bank account information, we also want to avoid creating unnecessary concern. The information that was released due to the bug is the same information that appears on a personal cheque. This information is not sufficient to allow anybody to access a bank account.

What is UBC doing?

The issue was first reported on September 3, 2014. The bug was then identified on September 4 and fixed in the early hours of the morning on September 5. The software, which was developed at UBC, has been subjected to a detailed analysis and we can confirm that the bug has been successfully identified and corrected.

An email was sent out to all potentially affected students but it may take up to 48 hours to receive due to the large group mailout. While the risk is very low, UBC takes privacy seriously and felt it was important to give these students all of the relevant information.

UBC IT actively monitors all of its major software systems for reliability and security. While we recognize that no major computer system is entirely bug-free, we have been using this system for many years without issue and we continue to have a high degree of confidence in its reliability and security.

What can I do?

As always, you should take time to review your financial information and bank transactions for any errors or irregularities. If you notice any problems, contact your financial institution and UBC Enrolment Services at 604-822-9836 or 1-877-272-1422 toll-free from Canada and the US.

For updates on IT security issues, please visit the UBC IT Bulletins page.

Further Information

If you have any questions or concerns, please contact UBC's Enrolment Services staff by email at info@askme.ubc.ca or by phone at 604-822.9836 or 1-877-272-1422 toll-free from Canada and the US.