The test database, which contained both real and fictional applicant data, was being used to develop a new Web-based application tool.
Information potentially exposed includes names, addresses, birthdates and social insurance numbers.
"We now know that an individual accessed one of the University's 40 network servers which held information about a number of web-based student applications," university president and vice chancellor Deborah Poff said in a statement. "The data base included the applicant's name, address at the time, date of birth and, in some cases, their social insurance number. No financial information or academic records were involved."
CBC News reports that the university didn't learn of the access until the hacker contacted them by e-mail.
"We thought the easiest thing to do was ask the individual to give us some evidence that this is the case, and on that day they did, so we knew that at least one record had been accessed," Poff told CBC News.
Photo courtesy of Shutterstock.