Imagine waking up one morning and finding your secure, confidential major donor files on the Internet. That’s what happened at McGill University after donor files were somehow stolen from its development office and published in two installments, the first in March 2012 and the second in April of this year.
In both instances, the university’s legal department promptly contacted the server hosting the information, and the files were taken down.
Neither the university nor Montréal police have uncovered those responsible despite their investigations, which began immediately after the first files were published.
Thieves also penetrated student society IT
The data thieves use the name McGillLeaks for themselves and their website. When they published the second set of documents, someone with a legitimate password alerted McGill students through the student society listserv. (That’s also a significant breach of computer security, but it doesn’t appear to be making nearly as many headlines as the document leak.)
Their e-mail says, in part:
From sources whose anonymity will be protected, we have received hundreds of University documents, many marked confidential or strictly confidential, pertaining to McGill’s corporate fundraising efforts.
In March 2012, we released to the public about one third of the documents in our possession. McGill University took legal action that delayed our release of the other documents. These focus on McGill’s fundraising activities in the oil and gas, mining and financial sectors.
We are pleased to now make public these remaining documents, available for download below.
In addition to strategy briefs, memos, funding proposals and research on corporate donors, some profiles of individuals, mainly executives of major companies, are included for their relevance to McGill’s broader corporate fundraising strategy.
Crisis control
After the second round of document, publication, the development and alumni relations department contacted all its donors on April 9 to assure them that there had not been a second security breach. Banking and credit card information had not been exposed, they stated, and investigations were ongoing. Officials were contacting each individual whose file had actually been published.
McGill representatives have declined to comment on the incidents to Hilborn Charity eNEWS, citing the confidentiality of the police investigation.
There are corporate donors? Really?
On the original McGillLeaks website in 2012, the group stated its objectives were to “provide a clear account of a corporate university’s inner workings, including how the university goes about acquiring capital and expanding its reputation,” supply “accurate information on the university’s relationship with the private sector,” and create “transparency within the university.”
Is information such as family members’ names, home values, giving history and capacity, and notes such as “frequent clashes in business as well as in his personal life” actually relevant to those objectives?
Writer, research scientist and McGill graduate Beverly Akerman doesn’t think so. After the first leak, she noted on her blog that “the affairs of the rich and infamous are often paraded as ‘news’ for the amusement of the hoi polloi.”
The comments that have been posted in response to coverage by The McGill Daily and various blogs reflect predictable, and perhaps adolescent, outrage over any possible connection between their University and anyone who might be connected with any corporation that might possibly ever influence McGill’s research or academic direction. But again, Beverly Akerman weighs in with a much more realistic view:
What the documents reveal foremost is the tremendous undertaking that is major modern fundraising. But is it a surprise that an enterprise like McGill, which raises hundreds of millions of dollars, would do so in an organized, systematic manner?
Could we expect any less?
Do the people at The McGill Daily or McGillLeaks really think this kind of money is raised over a couple of beers at Gert’s? [a bar operated by The McGill Student Society]
It's very likely that Akerman's nuanced view will be the one more widely held by McGill's donors. But these episodes should drive us all to review the security of our physical document storage, our IT access, and the procedures and precautions required of the human beings who access them.
