Why did I get an email about Emotet?
The Queen’s IT Services Security team were recently notified of accounts at risk due to Emotet. This notification included a small number of accounts here at Queen’s. As a precaution, Queen’s IT Services will expire the passwords of any Queen’s account found to be identified and who have not changed their passwords since the list was published.

What should I do to protect myself?
If you received an email message from IT Services concerning Emotet and have not changed your password since, you will be sent additional emails requesting you to change your password, prior to your password expiring. NetID passwords are changed at https://netid.queensu.ca/selfservice/login/auth

We also encourage you to take the following actions to better protect yourself and your information:

• Do not reuse passwords across your accounts.


• If you have used your Queen’s password on multiple sites, we strongly encourage you to change that password on every other site where it has been used.


• Be extra diligent of scams that may reference your account.

What data was compromised?
According to reports, in January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet. The agencies obtained data collected by the malware and provided impacted email addresses to Have I Been Pawned so that impacted individuals and domain owners could assess their exposure.

Why is Queen’s expiring passwords for potentially compromised accounts?
Queen’s account holders who fail to follow safe password practices are at risk when issues like this occur. To protect your Queen’s account IT Services are taking this action to prevent account compromises by ensuring all accounts identified have refreshed passwords.

What caused the breach?
We have no direct information from authorities about the device or date where your account information was obtained. IT Services obtain breach information from the service called “Have I Been Pwned?” . Visiting the website https://haveibeenpwned.com/ will allow you to enter and check your Queen’s University email address against all publicized breaches that reference your Queen’s email address. The site also provides details about the data breach, including links to additional information.