On February 14 at 9:00am the UMSU Executive team was made aware of a privacy incident that occurred on February 12. An email containing student names, emails, faculties, and student numbers of union members was accidentally sent to the 30 candidates running in the upcoming UMSU general election. No financial information was included. We apologize for the stress and inconvenience this has caused to our members.

What happened

This was an accidental disclosure and was not the result of a cybersecurity breach or attack. Upon learning of the incident, we took the following actions:

• Initiated an email recall using Microsoft technology.
• Instructed all recipients to delete the email and attached file immediately.
• Began reviewing our data protection policies with our legal team to strengthen privacy practices and prevent future occurrences.

What affected individuals should do

While the risk associated with this type of data disclosure is lower, we understand the importance of protecting personal information and deeply regret any concern this may have caused. As a precaution, we advise affected individuals to remain vigilant for potential phishing attempts from anyone impersonating the student union.

Our commitment moving forward

We take privacy seriously and remain committed to ensuring the integrity of our elections and the security of our members’ information. We will continue to review and enhance our data protection measures to prevent similar incidents in the future. We apologize for any inconvenience caused.If you have any concerns or questions, please contact pres@umsu.ca.