On October 1st CCS temporarily locked 125 people out of their my.ryerson accounts. That meant they could not access their email, RAMSS, D2L, and other Ryerson services until they worked with the CCS help desk to unlock their account.
Earlier that week, CCS became aware that a database containing stolen usernames and passwords was available online. Ryerson email addresses made up 20,261 of the millions of database entries.
Since the database is readily available online, anyone at Ryerson who used the same password at other breached web sites might be at risk.
Ryerson’s IT security team obtained the password database and found 155 accounts where the passwords were identical.
Almost all of the 155 accounts were not protected by two-factor authentication, which would have helped protect them from attackers using the breached database.
Please accept our apologies for any frustration or inconvenience caused by the actions we took to protect these accounts.
-Computing and Communications Services