Incident Notice: Food Bank
What happened?
The UO Food Bank is operated by the UOSU. The UO Food Bank uses Google Forms to obtain requests for food (Food Order Form) from UOSU members. An employee of the UOSU mistakenly and unintentionally configured a Google Form so that it contained a link entitled “See previous responses”. By clinking on the link, those accessing the page would be able to view the information of individuals who had previously completed the form.
This information was available from December 7, 2020 to January 5, 2021. The Food Order Form was removed from the UO Food Bank website immediately upon the identification of the issue.
What information was involved?
The completed Food Order Forms used for this Fall contained the following information: name; email address(es); student number; language preference; food choices; phone number (if provided); pick-up date and time; whether you agreed to wear a mask; feedback (if provided).
The completed Food Order Forms used for this Summer contained the following information: name; email address(es); student number; language preference; food choices; reasons for the order; phone number (if provided); pick-up method, date and time; whether you agreed to wear a mask; delivery address (if provided); feedback (if provided).
How many individuals were affected?
What are we doing?
The “See previous responses” link was immediately removed from the UO Food Bank website.
We have arranged and paid for Equifax to provide those affected with a one (1) year subscription to their Complete Premiere Credit Monitoring and Identity Theft Protection Service.
We are taking steps to ensure that such an incident does not occur again, including revising our processes for collecting personal information to reduce the risk that personal information could be mistakenly made available to unauthorized individuals.
*Individuals affected will directly receive a communication from the UOSU shortly.*
Next steps?
- Instructions on how to enroll in the Equifax program free of charge: affected students will shortly receive instructions on how to enroll in the Equifax program free of charge.
- Credit Monitoring and ID Protection: affected students are asked to enrol in the Equifax Complete Premiere credit monitoring and Identity theft protection service
- Watch for Phishing: Affected students are asked to be alert for “phishing” emails or text messages by someone who acts like they know them and requests sensitive information over email, such as passwords, Social Insurance Numbers, or bank account information. Do not open attachments or click on links in emails or text messages from senders that are unknown or are unexpected. Review email addresses and the names in links to ensure that they have not been modified. It is common for a malicious actor to slightly alter an email address or a website link in the hopes that the reader will not notice. Do not respond to unsolicited offers of financial assistance that appear to be from the UOSU or anyone associated with us.
- Review Statements: Remain vigilant against potential identity theft or fraud. Regularly review and monitor account statements and credit history for any signs of unauthorized transactions or activity.
- Free Credit reports: Canadians are entitled to obtain a free credit report from each of Equifax and TransUnion to review their credit file for signs of fraud or identity theft. This is in addition to the Complete Premiere Credit Monitoring and Identity Theft Protection Service that is being provided free of charge by the UOSU to affected students.
- Equifax Canada: www.equifax.ca; 1-800-465-7166
- Transunion: www.transunion.com; 1-800-663-9980
- Fraud Alerts: Affected students may also consider placing a fraud alert on their credit file that requires businesses to verify their identity before issuing a credit. Students may arrange for this service directly through the credit reporting agencies listed above. There is a charge of this service and it can only be made available to a person with their express consent.
- Report Identity Theft or Fraud: If an individual suspects that they may have been a victim of identity theft or fraud, they should consider contacting their local police and visit the Canadian Anti-Fraud Centre for support (http://www.antifraudcentre-centreantifraude.ca). They should also review the RCMP’s Identity Theft and Identity Fraud Victim Assistance Guide for steps they can take if they are the victim of identity theft or identity fraud. Visit www.rcmp-grc.gc.ca/scams-fraudes/victims-guide-victimes-eng.htm.
Who can I contact for further information?
If you have any questions about this incident, please contact Tim Gulliver, Advocacy Commissioner (819-588-2513).
This incident notice was amended at 7:30pm, on January 11, 2021.