Leaked data from Montmorency College | The Access to Information Commission was not informed

It wasn’t just students and staff who were left in the dark after the massive leak of personal information at Montmorency College. The Commission on Access to Information (CAI) also “was not informed”. On Thursday at La Presse, a personal data watchman learned of the extent of the damage and said he was “very concerned.”

The message was written yesterday at 10:01.

Hugo Joncas

Hugo Joncas

“The Commission regrets this leak of personal information that affects the community of students, staff and faculty at Montmorency College,” said Commission spokesman Dominique D’Anjou.

At the moment, public authorities are not required to notify the Commission when they are the victims of a leak of information that poses a “risk of causing serious harm.” However, this will have to be done with the new version of the law of September 22.

Despite the lack of commitment, the Commission received 91 such declarations in 2020-2021. CAI also encourages government agencies to “demonstrate transparency” by promptly reporting such incidents.

La Presse reported on Thursday that tens of thousands of college files had made their way into a hidden network (darknet) on the site of hackers who attacked the institution on May 11. The documents contain extensive medical and psychiatric information on staff, records of internal investigations, and identifying information about staff and students, among other things.

In an interview, college CEO Olivier Simard explains that on August 26, the institution discovered that there had been a “big leak”. The College then contracted with a security company to examine the seized documents and establish contact with interested individuals.

“There are various problems associated with accessing data,” he explains. You have to open files that you have to take one by one … This is a huge task, I assure you, there is still a lot of data! »

Silence on the side of the minister of cybersecurity

While the Commission is very concerned about the situation at the College, Minister for Cyber ​​Security and Digital Technology Eric Kayre refrained from commenting despite our requests for an interview.


Cybersecurity and Digital Secretary Eric Carey did not respond to the massive leak of personal data at Montmorency College.

However, its officials are directly involved in the events. They even “tracked the presence of data on an invisible network,” says Laurent Berube, a spokesman for the ministry.

Did they themselves notice the massive leak that management kept under wraps until the La Presse investigation? Did they advise the Board not to disclose this information? Impossible to say.

Crisis management

Following the release of the La Presse report on Thursday, the Montmorency College sent students an email admitting for the first time that “the current situation is very worrying.”

In an interview, Olivier Simard assures that the management intends to “care and take care” of the students and staff who are victims of the leak.


Olivier Simard, CEO of Montmorency College

The Principal lists several actions taken to correct deficiencies identified in 2019 in a letter from the Auditor General during a confidential audit of the College found among the stolen data.

“During the attack, we maneuvered to comply with the recommendations,” says Olivier Simard.

According to the director, cégep has implemented multi-factor authentication and overhauled its data backup infrastructure, as well as tightened standards for passwords.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.