SSMU Listserv Compromised
09 Apr, 2013
An unauthorized mass email was sent to all members on the SSMU mailing list at around 8:45pm on Monday night from the account of SSMU VP Internal Michael Szpejda. The email, issued from a group calling themselves McGillLeaks, contained a link to a torrent file filled with confidential information regarding the university’s corporate fundraising activities for the community to download.
SSMU reacted within an hour to the email to apologize and state that they are investigating how the group gained unauthorized access to Szpejda’s account. President Josh Redel made it clear that the unauthorized access to the email host MailChimp was not threatening to the private information of students, noting that “no personal information beyond your McGill email is stored in MailChimp.”
The torrent file included McGill’s fundraising portfolios for various companies including Hydro Quebec, Motorola, Suncor Energy, various banks and more; strategy and research proposals for mining and energy companies operating in the province; personal profiles on potential donors; and meeting briefs for Principal Heather Munroe-Blum.
The briefs for Principal Munroe Blum have itineraries and list the purpose of visits and meetings such as to “cultivate and solicit a number of key prospective donors” and “ascertain the interest and potential capacity for a leadership gift from the Bank of Montreal to McGill.”
Many of the documents include suggestions for sales pitches. One, dated December 2007, illustrates McGill’s attempt to fundraise from Paul Desmarais, the fourth wealthiest Canadian according to Forbes. “He indicated that we should aim in the area of $5 million [in donations from Desmarais],” the document notes. “In a subsequent discussion between the Principal and Marc Weinstein it was determined that McGill should aim higher – closer to $10 million, possibly $12 million.”
The email sent to students yesterday explains that McGillLeaks received the confidential documents from “sources whose anonymity would be protected” for the purpose of making McGill’s inner workings and dealings with the private sector more transparent. McGillLeaks added that they were not intending to expose “a specific scandal, unethical practice or crime,” but rather wanted to provide a clear account of the university’s role and functions.
McGillLeaks has released sensitive information before. As their latest message explains, this round of documents is the remainder of an earlier leak from March 3, 2012. After this initial leak, McGill condemned the breach of privacy and noted that they will take legal action against those responsible. Oliver Marcil, Vice Principal of External Relations, called the group’s action “a crime against the university.”
Regarding Monday’s leak, in an interview with The Bull & Bear Redel said that McGillLeaks has “never used this method of communication before” and stated that SSMU has no official stance towards McGillLeaks. He also specified that the email was not hacked, but “accessed with the password for our email address.” SSMU has been in contact with their insurance companies to ensure that this mishap does not recur.
Update (April 9, 7pm): The screenshot of the McGillLeaks email has been removed at the request of Dean of Students Andre Costopoulos.