A chilling revelation has emerged regarding a cyber attack that struck a Northern Ontario school board in February. The Rainbow District School Board recently disclosed that sensitive personal information, potentially spanning decades, may have been compromised.
The initial breach, reported months ago, has now expanded in scope. A painstaking nine-month investigation, conducted with cybersecurity experts, revealed a far wider range of exposed data than originally anticipated. This wasn’t a quick assessment; it was a deep dive into the potential fallout.
Former employees represent a significant portion of those at risk. Individuals who worked for the board between 2005 and 2009, and did not return after 2010, likely had their Social Insurance Numbers exposed – a critical piece of information for identity theft.
The impact extends further back in time. Current and former employees from 2002 may have had their bank account numbers, employee IDs, addresses, and even annual salaries compromised. This represents a substantial risk of financial fraud.
Beyond employee data, the breach also affected benefit program participants. Names and phone numbers of beneficiaries enrolled in 2009 and 2016 were potentially exposed. Criminal record check information submitted between 2012 and 2019 also fell victim to the attack.
The reach of this cyber incident extends to students, and across a remarkable timeframe. Data breaches potentially affected students attending schools from 1966 to 2024, including dates of birth, student identification numbers, and grades.
Specific schools are at the center of student data concerns. Alumni of Lo-Ellen Park, Lockerby Composite, Confederation, Capreol, and Northeastern Secondary Schools – particularly those from 1989 to 2024 – may be affected. Student athletes from Lo-Ellen Park, spanning 1966 to 2012, are also potentially vulnerable.
International students who registered in 2013, 2014, and 2020 face the risk of compromised passport information, alongside their dates of birth and gender. The breadth of impacted student records is deeply concerning.
Further investigation revealed potential breaches of student data from Cyril Varney Public School, Lo-Ellen Park, Lively District, and Confederation Secondary Schools between 2006 and 2010. This included dates of birth, student IDs, phone numbers, attendance records, and grades.
Even voters in the Greater Sudbury area are not immune. Personal information of residents eligible to vote in the 2022 municipal election, including dates of birth and addresses, was also likely compromised. The attack’s reach is surprisingly broad.
The Rainbow District School Board is urging anyone experiencing fraud potentially linked to this incident to immediately contact them at cyberincident@rainbowschools.ca. They have also reported the breach to the Information and Privacy Commissioner of Ontario.
The board has expressed sincere apologies for the incident, emphasizing their commitment to transparency, accountability, and regaining the trust of those affected. This is a stark reminder of the ever-present threat of cyberattacks and the importance of safeguarding personal information.