A cyberattack targeting Vancouver Film School has left students with a big lump of coal as they prepare to wrap their term in time for the holidays.
“VFS has been impacted by and is investigating a suspected cyber incident. We are currently investigating and are taking all steps possible to contain and mitigate any associated risks,” Tom Fedechko, the school’s head of preparatory studies, told students in a Nov. 29 email obtained by BIV.
The school offers courses to about 1,000 students across eight campuses.
Some VFS classes have been cancelled and those arriving at various campuses this week have found all computers have been shut down until further notice, according to a source with knowledge on the matter.
Staff and students are being urged not to connect their own personal devices to the VFS network.
The school’s Wi-Fi network is also not operating, meaning staff and students are resorting to using their personal wireless data to send messages while on campus.
BIV reached out to school officials over phone and email to request an interview.
In a subsequent text message, VFS head of marketing Evan Biswanger repeated some of the statements Fedechko sent in the email to students and added that the school does not have evidence that any personal information was affected by the cyberattack.
BIV has followed up with additional questions and will update the story upon hearing back.
Fedechko said in the email to students that it’s unclear when this cyberattack will be resolved and VFS is looking at tapping third-party experts to help with the situation.
“[Tuesday] was spent working out and communicating a schedule of classes that could be delivered tomorrow over Zoom without the use of email, [learning platform] Moodle, network drives, etc.,” he said. “Please keep in mind that we cannot properly reschedule classes until we have our scheduling software running again – hopefully very soon. We have tentative dates for some lessons but we will have to wait to confirm them.”
Cybersecurity expert Dominic Vogel said post-secondary institutions are ripe targets for cybercriminals that take aim at schools that have much lower IT and cybersecurity budgets than corporations.
“There’s still a lot of misunderstanding among the executive ranks in the post-secondary institution field where they still don’t see that cyber risk is something that can affect them,” said the founder and chief strategist at Vancouver-based Cyber SC.
He said the frontline IT and cybersecurity experts employed at smaller institutions are frequently overworked and their departments are often understaffed.
“The people who work on the frontlines work extremely hard,” Vogel said.
“If anything, it’s a wake-up call for their boards … they are not allocating an appropriate budget and they are not taking these risks seriously.”
He said larger institutions such as the University of British Columbia, Simon Fraser University and the University of Victoria have been investing quite significantly in their cybersecurity budgets.
Students should be visiting the websites of the schools they attend to see how transparent those institutions are about their cybersecurity investments, Vogel added.
“Hold them accountable. You’re paying good money to go there,” he said. “You have a right to know how they’re protecting your data.”