Why did I get an email about a third-party publication of information?
The Queen’s IT Services Security team recently became aware of a data breach collection called cit0day that was reported in November 2020. According to reports, the breaches included email addresses and passwords used on several third-party services. This event may have potentially affected multiple accounts here at Queen’s. As a precaution, Queen’s IT Services will expire the passwords of any Queen’s account found to be listed on the accounts list and who have not changed their passwords since November 20, 2020.

What should I do to protect myself?
If you received an email message from IT Services concerning the breach and have not changed your password since November 20, 2020, you will be sent additional emails requesting you to change your password, prior to your password expiring. NetID passwords are changed at https://netid.queensu.ca/selfservice/login/auth

We also encourage you to take the following actions to better protect yourself and your information:

• Do not reuse passwords across your accounts.
  
• If you have used your Queen’s password on multiple sites, we strongly encourage you to change that password on every other site where it has been used.
  
• Be extra diligent of scams that may reference your any third-party account.
  
  What data was compromised?
  According to reports, the breach included account email addresses and account passwords.
  
  Why is Queen’s expiring passwords for potentially breached accounts?
  Queen’s account holders who fail to follow safe password practices are at risk when breaches like this occur. To protect your Queen’s account IT Services are taking this action to prevent account compromises by ensuring all accounts associated with the breach have refreshed passwords since November 20, 2020.
  
  What caused the data breach?
  We have no direct information concerning all the breached services that were identified in the report we received. IT Services obtain breach information from the service called “Have I Been Pwned?”. Visiting the website https://haveibeenpwned.com/ will allow you to enter and check your Queen’s University email address against all publicized breaches that reference your Queen’s email address. The site also provides details about the data breach, including links to additional information.