BC Freedom of Information and Privacy Association
Your Data Your Rights
The University of Manitoba Students’ Union has issued an alert about an “accidental disclosure” of member information to candidates running in an upcoming campus election.
Student names and identification numbers, as well as their school emails and faculties, were mistakenly shared with 30 campus leader hopefuls via email on Feb. 12, per a statement on the UMSU website.
The post, made eight days after the incident, does not explicitly say how many of the union’s approximately 26,000 members have been affected.
The Manitoban — the student-run newspaper at U of M that broke the story — reported the leaked spreadsheet in question contained information about 24,404 members.
Given the information that was released is an eligible voters list, editor-in-chief Milan Lukes said it could influence the vote scheduled for next month.
The situation is troublesome both because the data could have bolstered nomination submissions and it gives some candidates an unfair advantage as campaigning gets underway, Lukes said.
The breach took place one day before UMSU election nominations closed; every student seeking one of five executive positions must obtain virtual signatures from at least 100 members of the union.
“You don’t actually need to go to each and every one of those 100 students and ask for their signature. You can merely obtain the information from that sheet — provided your morals sink that low,” Lukes said.
The Manitoban boss noted not all candidates received the leaked list so they cannot subsequently send a campaign blast to recruit supporters.
Union president Divya Sharma, who is not seeking re-election, did not immediately respond to requests for comment Monday.
In a public notice, UMSU said the breach was not the result of a cybersecurity attack and no financial information was involved.
“We apologize for the stress and inconvenience…. While the risk associated with this type of data disclosure is lower, we understand the importance of protecting personal information and deeply regret any concern this may have caused,” per the memo.
It states the executive team learned of the breach on Feb. 14 at 9 a.m., after which the union initiated an email recall, requested recipients delete the memo and began reviewing internal data protection policies.
(It is unclear whether any current executives who are seeking re-election received the list and would have known about it beforehand.)
All students are now being urged to remain vigilant for potential phishing attempts from anyone impersonating UMSU in the wake of the incident.
The 2025 UMSU elections are scheduled for March 6 and 7. Members can cast ballots either in person or online.
Lukes described the total list of job-seekers as “astronomical” this year.
There are 34 student candidates vying for 13 positions, including the president and four other executive roles.
The Local Journalism Initiative (LJI) is a federally funded program to add coverage in under-covered areas or on under-covered issues. This content is created and submitted by participating publishers and is not edited. Access can also be gained by registering and logging in at: https://lji-ijl.ca
You can support trusted and verified news content like this.
FIPA’s news monitor subscribers, donors and funders help make these available to everyone rather than behind a paywall. We appreciate every contribution because it makes a difference.
If you found this article interesting and useful, please consider contributing here.
