Gale security incident and what it means for McGill Library users
Gale/Cengage, a publisher of several databases to which the McGill Library subscribes, including the Gale Digital Scholar Lab and Gale Primary Sources, recently announced a data breach of their systems. According to their web site, “there is no indication that any of the information exposed in this incident has been used inappropriately as the sites only collected names and email addresses. There is no evidence that other information was impacted.”
When using any Gale product from the McGill Library’s web site, no personal information is transmitted to Gale. This publisher would only have a McGill user’s name and email address if that user proactively provided that information to Gale, for example, when creating an account on the Gale site to save search results or other work in one of their databases for later access.
McGill users may be affected by this breach, but it should be limited to users who actively provided their name and email through a Gale product, and only the name and email provided (which might or might not be a McGill address) would have been exposed if the user was affected. Users whose names and email addresses were exposed are receiving individual emails directly from Gale with the subject line “Notification Regarding Gale Security Incident.”
There are a number of steps you can take to protect your personal information online:
- Set up strong passwords unique to each account following these guidelines: http://kb.mcgill.ca/it/easylink/article.html?id=1873
- Add additional protection to your McGill account by enabling two-factor authentication: https://www.mcgill.ca/2fa/
- Take advantage of McGill's free cybersecurity training: https://www.mcgill.ca/it/channels/news/cybersecurity-sitcom
If you have any concerns or questions about this, please don't hesitate to contact web.library [at] mcgill.ca