Credit card breach in bookstore system


author: john loeppky | editor-in-chief

no extra credit / Jeremy davis

Letters sent to students to describe provider issue

On Feb. 28 letters were sent to those students affected by a data breach at bookstore system provider PrismRBC. The letter described the details of the breach and how students could protect themselves.  

I am writing to inform you that the University of Regina has been advised by its service provider that a security incident occurred with the eCommerce service used by the University of Regina Bookstore for online purchasing, between January 19 and January 26, 2019. We have been advised that your credit card may have been compromised during your on line purchase transaction. 

“Based on the service provider’s forensic investigation, it appears that an unauthorized party was able to access payment card information, including cardholder names, card numbers, expiration dates and card verification codes, for certain transactions made through the University of Regina Bookstore website. Transactions made outside of this period of time, those made in our on-campus facility and other university transactions were not affected by this incident.” 

We recommend that you review your credit or debit card account statements to determine if there are any discrepancies or unusual activity listed and remain vigilant and continue to monitor statements for unusual activity going forward. You may also wish to contact your credit card provider in order to notify them of the possible incursion, cancel your existing card and request a new card. We also suggest you reset your password for the Univeristy [SIC] of Regina Bookstore website.” 

Affected students were also provided a question and answer sheet and urged to contact information services if they had any more questions. The attached document provided information as to what information was not part of the breach.  

Because we do not collect sensitive information such as Social Insurance Numbers, passport, or driver’s license numbers, this type of information was not affected by this incident. 

This incident affected only e-commerce transactions made on between January 19 and January 26, 2019; transactions made outside of this period of time, those made in our on-campus facility and other university transactions were not affected by this incident. 

A member of external relations said how long Prism has been the University of Regina’s vendor for the bookstore.  

PrismRBC has been the system provider to the Bookstore since 2003. This particular version of the system has been operating here since 2007. This is the first such incident to occur in that time. 

Jordyn Landry was one of those affected by the breach and he said that the breach was badly communicated.  

With the fact that students had no other choice but to use the online bookstore this semester, I feel that this should be more known to the student body because I have friends who used the store and never even got a letter like I did.” 

The Carillon could not confirm whether all affected received letters, outside of external relations’ claim that they did.  

Comments are closed.