ShinyHunters’ recent attack on Quercus is one of many attempts by scammers and hackers to breach U of T students’ privacy. Luckily, no sensitive information was leaked, as only student IDs, names, and messages were at risk. However, the sheer scale of ShinyHunters’ operation should signal to the U of T administration that it needs to step up its protections for students’ cybersecurity. According to David Shipley, CEO of Beauceron Security, this data breach is the “largest educational IT hack in history.” This time, the blame lies with Quercus’s parent company Instructure, however I believe this recent hack should be a wake-up call for U of T to invest more into resources that protect its students’ cybersecurity. 

One ongoing attempt to breach students’ privacy is the constant flow of phishing emails to their U of T Outlook inboxes. Students who interact with these emails — clicking on links or forwarding them to friends — find their accounts quickly hijacked by the hackers. Especially for new students, who haven’t encountered official U of T communication before, threats and requests from scammers can seem legitimate and are usually flagged as “High Importance.”

Additionally, some students have been reported to receive calls from scammers who gain access to other student emails and impersonate law enforcement officers. International students, particularly, are targeted by these scammers, who threaten arrest and even deportation unless they pay the demanded amount. 

Despite an IT budget of $67.7 million in 2025-2026, U of T has yet to be successful in stopping these blatant attacks on student digital safety. 

If students encounter a phishing email, they should report it on Outlook and delete the message. If they clicked a link or attachment, they should report a security incident by contacting their local U of T IT help desk, and notify the University Privacy Office if their personal information is involved. 

Why are the systems students rely upon so vulnerable to attack? And why has the university only been able to offer band-aid solutions? Going forward, U of T must be more proactive in combatting threats to students’ cybersecurity.

Mikhala Enns is in her third year studying History and Peace, Conflict and Justice at U of T.