MacEwan University in Edmonton has been defrauded of $11.8 million in a so-called phishing attack.
The university says workers were fooled by a series of fake emails asking them to change electronic banking information for one of the school’s major vendors.
The change resulted in the transfer of nearly $12 million into a bank account staff thought belonged to the vendor, but on Wednesday, officials found out they had been scammed.
University spokesman David Beharry says most of the funds have been traced to accounts in Canada and Hong Kong.
Beharry says the university has conducted an interim audit of business processes and controls were put in place to prevent further incidents.
He says the university’s computer systems have not been compromised, but a preliminary assessment has determined that controls around the process of changing vendor banking information were inadequate.
He says a number of opportunities to identify the fraud were also missed.
“There is never a good time for something like this to happen, but as our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident,” Beharry said in a news release.
“Personal and financial information, and all transactions made with the university are secure. We also want to emphasize that we are working to ensure that this incident will not impact our academic or business operations in any way.”
MacEwan has informed both the minister of advanced education and the province’s auditor general, as well as other interested parties, Beharry said.