OTTAWA – An October 18 ransomware attack has left personal data exposed by the local French-Public school board.
The Conseil des écoles publiques de l’Est de l’Ontario issued a press release November 30 announcing it had been attacked, and that after resecuring the network it was discovered that some files stored at its board office had been stolen and held for ransom.
The board said it had paid the attackers and the data that had been stolen was deleted.
“Protecting members of our community was our priority,” the board said.
Employees who worked for the board from 2000 on may have been part of the dataset that was stolen. The board will notify affected past or current employees affected as their Social Insurance Number, bank account number, unexpired credit card number or date of birth might have been compromised.
Additionally, the board is providing those with compromised data free credit monitoring services for 24 months.
Some current and former students and their families may also have had personal data stolen with this data breach.
“We extend our sincere apologies,” the CEPEO said in a release. “We have already taken steps to imoprove the security of our network as a result of this incident.”
The board added it was continuing its investigation, in cooperation with cybersecurity experts. The data breach has also been reported to the police and the Information and Privacy Commissioner of Ontario.
Ontario’s Ministry of Education does not have a specific policy on dealing with cyber-attacks. Decisions about cyber-security are made by individual school boards. The ministry does have a K-12 Cyber Protention pilot and is developing an standard for responding to incdents, and a communications protocol. Ministry officials are in the process of developing a provincial policy for handling cyber attacks with schools.
The ransomware attack is one of several that has happened at public institutions across Canada this fall. The Kemptville District Hospital closed its emergency room on October 21 after a ransomware attack compromised patient files.
The hospital is still recovering from that attack and operating with paper patient files. On November 4, a ransomware attack compromised Newfoundland and Labrador’s entire health-care records system.