Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.
A flaw in UBC’s electronic funds transfer system caused students to be able to see others’ financial account information, reported the University. The information displayed is “the same information that appears on a personal cheque”, it said in a statement. This included the name of the account holder, a financial institution number, the transit number, and their account number.
The bug occurred because UBC’s web application could not respond fast enough to requests when two students clicked on a link to view their banking details. If the students clicked within a tenth of a second of each other, the student who clicked last would be able to see the first’s account information.
UBC discovered the bug on September 3, removing it two days later. But students were vulnerable to the security flaw for two years, from November 14, 2012, it admitted.
The University did not say how many students had potentially been affected, but believes that only one in 1000 would have actually experienced the bug. It had sent out letters to all students at risk in September. It also notified BC’s privacy Commissioner, officials said.