In an email sent to students, UBC staff say the bug in its Student Service Centre (SCC) dates back to a software update made in November 2012. The university says it remained undetected until September of this year since it was rarely triggered.
The bug would cause one user's information to be displayed to the next user.
"The risk that you have been affected by this bug is extremely low," said Kate Ross, UBC's registrar in the notice sent to students.
"Even if you have been affected, the consequences are minimal," said the note. "Nonetheless, we believe that it is our responsibility to keep you informed of such matters."
UBC says the bug was fixed within 48 hours of it being found.
Ross says according to the university's calculations, the bug was triggered in one out of 1000 transactions.
"Even if you were among the one in a thousand who may have been affected by this bug, the only information that could have been seen by another user was your Electronic Fund Transfer (EFT) information (account holder name, financial institution number, transit number, and account number)" said Ross.
She notes it is not enough information to let someone access another's bank account.
Ross says UBC has notified B.C.'s Information and Privacy Commissioner, but does not wish to raise students' concerns too much.
"UBC IT [Information Technology] actively monitors its major software systems for reliability and security," said Ross.
"This bug has been rectified and we have confirmed that no similar bugs exist elsewhere in the system. We are confident in the reliability and security of the SSC and want to reassure you that your personal information is well-protected by the University," she says.
Students who are concerned are asked to check their recent bank transactions and visit UBC's IT webpage.