Privacy breach impacting Academic Supplementary Retirement Plan members between 2013 and 2016

28 July 2022

Approximately 1,000 Academic Supplementary Retirement Plan (ASRP) members (between 2013 and 2016) were recently impacted by a privacy breach resulting from a limited cybersecurity incident on July 6. With the assistance of external cybersecurity experts, the University of Alberta took immediate steps to contain the incident. There is no indication any data was removed from the University’s network. 

On July 20, the University notified the Office of the Information and Privacy Officer (OIPC) of Alberta about this incident. On July 28, the University sent direct mail notifications and offered supports to the individuals affected by this breach. For additional information, these individuals are encouraged to reach out directly to the contact centre that has been set up. 

The University of Alberta takes the protection of privacy seriously and is fully committed to safeguarding our information systems, data and IT resources. We are constantly updating our cybersecurity measures according to the latest industry standards. 

Questions and Answers

How can I confirm whether my personal information was compromised by this breach?

On July 28, the university sent direct mail notifications to the approximately 1,000 individuals affected by this privacy breach. Only those who have been directly impacted by this event will receive a notification letter that includes information about the supports available to them, including call centre contact information. If you do not receive a letter by August 15, 2022, you have not been impacted.

How do I access my ASRP annual statements?

Copies of your ASRP annual statements for the years 2013 through 2016 will be accessible online here as of August 4, 2022. Copies of all your ASRP annual statements, for all years, will be accessible as of September 1. Please note: you will require your University-issued credentials to access your statements. If you have difficulty logging in, please contact the Staff Service Centre.

How is U of A staff and student data protected?

The University takes the protection of privacy seriously. We have a number of cybersecurity measures in place, which we continuously review and update in order to safeguard data, systems and IT resources. You can find more details about the University’s cybersecurity measures on our Information Security webpage

What steps can I take to protect my personal data? 

We encourage all staff, faculty and students to take steps to keep your computer secure and use IT resources responsibly, all of which plays a key role in protecting against cybersecurity risks. For example, we invite you to review our webpage regarding how to detect phishing attacks.

The University can also offer end-point security measures (e.g., virus scanning) for those affected by the breach to apply on home/personal computers. If you are interested in this service for your home/personal computer, please contact the Staff Service Centre.

All U of A employees (faculty and staff) are required to take general Online Privacy and Security Training as well as specialized cybersecurity training if you manage personal or protected data as part of your jobs.

More details for staying cybersafe are available on our Information Security webpage. 

If you have any further questions about privacy in relation to this incident, please contact the U of A’s Information and Privacy Office. (Contact options updated 2024)