Kwantlen Polytechnic University reports third party breach of students data

Kwantlen Polytechnic University's (KPU) provider of student health, dental, and wellness services, Gallivan, has disclosed a data breach involving students' personal information, which occurred through a breach in Gallivan's third-party security company.

Kwantlen Polytechnic University (KPU) is a public university located in British Columbia, Canada.

Gallivan informed KPU students on August 28 that Gallivan was notified of this breach on March 10. The breach occurred at the third-party security company, which Gallivan uses to transfer data between its benefit administration systems, service partners, and the Kwantlen Student Association. The compromised tool is GoAnywhere by Fortra.

Previously, Gallivan was named as the third party breach in a report by University of Guelph.

As a result of their investigation with the assistance of both internal and external cybersecurity advisors, Gallivan determined that the breach exposed KPU students'

• IDs,
• names,
• dates of birth.

This information could potentially be misused for fraudulent activities, such as identity theft.

No details are available about the number of impacted students.

Gallivan emphasized that neither KPU nor the Kwantlen Student Association are responsible for the breach and that, at present, there is no evidence of the leaked data being used for malicious purposes. Gallivan is taking a proactive approach to address the situation and has discontinued its use of the third-party service.

As an added precaution, they are offering KPU students a comprehensive credit monitoring service. The affected students are those who have used or currently use the medical and dental benefits provided by the KSA's coverage plans with Gallivan. No banking or personal health information was compromised in the breach.