The Cooperative informed ECU that log files on their servers were obtained by an attacker, which included the email addresses and phone numbers of ECU community members who received automated notifications from the ECU library system (i.e., checkout notices, overdue notices, hold notifications) between March 27 and April 19, 2024.

The Cooperative has confirmed the breach was limited to email addresses and phone numbers. This means that:

• The content of the email/SMS notification attached to the email address/phone number was NOT leaked; and
• No other personal information of ECU community members was leaked.

To clarify, the leaked information does NOT say what the notifications were about and does NOT reveal any other information about ECU community members or their library-related activities, such as checkouts and holds.

We apologize for this breach, and we are working closely with the Cooperative to remediate and resolve the breach and minimize its impact on those affected. It is our understanding that the most likely risk stemming from this information leak is the use of email addresses and phone numbers to generate spam or phishing messages. We highly recommend you refer to the Canadian Anti-Fraud Centre for more information about how to protect yourself from spam or phishing messages.

In addition, it may increase the likelihood of receiving spear phishing messages – messages pretending to be from a person or system you are known to communicate with requesting money. Please know that the ECU will NEVER ask for your financial information nor any other personal information via email or SMS like your Social Insurance Number or bank account information.

If you have any further questions about this privacy breach, would like to report a suspicious email or SMS you have received, and would like more guidance about protecting your personal information, please contact ECU’s Privacy Office at privacy@ecuad.ca