Information systems incident contained and repaired

Update – Jan. 15

The University has continued to review the case of unauthorized access to a password-protected web archive containing admission packages. Most admission letters sent between 2015 and 2017 were accessed. The University has confirmed that the data retrieved was not shared beyond the individual who accessed it.

No personal financial or health information was contained in the database and none was disclosed.

One person has been charged in connection with the incident.

While no further action is required by anyone who received an admission package between 2015 and 2017, anyone with questions can email

Update – Nov. 24

With the letters now delivered informing the community about the unauthorized access to the University database, McMaster has received some questions from those impacted.

Some are wondering about what steps, if any, they should next take.

A reminder that no sensitive health or financial information was accessed. No Social Insurance Numbers were contained in the database and therefore, were not accessed.

No one individual was the focus of the unauthorized access. For about 90% of the individuals impacted, individual names, mailing addresses and student numbers were accessed. The remaining much smaller group had dates of birth accessed. Current McMaster students are advised there is no need to change their student number.

It is always advisable to protect your personal information as best you can and to be aware of any irregularities. Should you have concerns, you can report those to the appropriate authorities.

The matter is now before the courts and further information about the charges in the case is available at:

Nov. 20

The University has taken action after discovering an issue in a password-protected database that contains some student admission offer letters.

There was unauthorized access to some of the letters, which contain information such as a student’s name, internal student number and address. In some instances, the information included date of birth.

The letters do not include any personal financial or health information and no sensitive personal information was accessed or disclosed.

McMaster took the database off line and corrected the issue. Those whose information was accessed are being notified.

Hamilton Police were called and are investigating. An individual has been identified and charged in connection with the breach.