Financial, medical information stolen during cyber attack on Rainbow District School Board
A major school board in the Sudbury area is offering more details on the severity of a recent cyber attack, and what information was compromised.
The Rainbow District School Board,says the cyber criminals responsible for an attack on the board's computer systems earlier this month stole sensitive personal information belonging to staff and students – including social insurance numbers and bank account information belonging to current and former staff members; social insurance numbers belonging to former students who received scholarships; and medical information for current and former students.
The data breach affects people who worked for the board as early as 2010 and students who attended a school in the Rainbow District School Board as early as 2011.
"We take this matter very seriously and apologize to all those who are affected," the board wrote in a notice posted to its website on Thursday.
"We understand this news will be as concerning to you as it is to us and we are deeply sorry."
Hackers accessed SINs belonging to scholarship recipients
Criminals may have accessed the following information belonging to students, the board said:
Personal information, including contact information, birth dates, academic achievement data, Ontario Education Numbers and, in some cases, medical and immigration information for all students who graduated between June 2012 and June 2024.
Assessment information, medical diagnoses, health card numbers, behavioral information and information about accommodation and student support needs belonging to current and former students with identified exceptionality who have been enrolled in an Intensive Support Program (ISP) since 2019.
Contact information and place of employment information for parents of the above groups.
Social insurance numbers for former students who were enrolled in a Rainbow School since 2011 and who received a scholarship and a T4A slip for income tax purposes.
In addition, the attack exposed school photos from the 2012-2013 to 2024-2025 school years. However, those photos are not attached to names or other identifying information, the board said.
Anyone employed by the school from January 2010 onward is also affected, including full-time, part-time and occasional staff, it said.
Hackers accessed the following data:
Address and primary phone numbers of staff members from 2010 onward.
Social insurance numbers of staff members from 2012 onward.
Bank account numbers of staff members from August 2017 onward.
Employee ID/compensation and benefit information/Ontario Ministry Educator Number (for teachers only) and police background check information for employees from September 2018 onward.
In addition, they may have accessed medical information such as doctor notes, physical abilities forms and leaves of absence forms belonging to staff members from 2022 onward.
The Rainbow District School Board has reported the cyber crime to the Greater Sudbury Police Service and the Ontario Provincial Police, the board said.
It is offering a two-year TransUnion credit monitoring service, free of charge, to all current and former staff whose personal information was compromised.
It's offering the same service to affected scholarship recipients whose social insurance numbers have been compromised and who have reached the age of majority.
Former students who wish to sign up for the service should contact cyberincident@rainbowschools.ca, the board said. Staff and former students who believe they have been victims of identity theft related to the incident should email the same address.
The president of the Ontario Secondary School Teachers' Federation district serving Espanola, Manitoulin and Sudbury said he's heard from members who are concerned about the breach.
But Eric Laberge said some are also experiencing déjà vu.
Teachers hit with cyber attack previously
"This is something that they – for the most part, especially those that have been hired more than three years ago – have gone through already," Laberge said.
"Because there was a cyber incident with our provincial federation."
The Rainbow board began experiencingtechnical difficulties with its computer system on Friday, Feb. 7, officials said.
Officials took measures to protect the network and the data stored on it, they said, beginning a system-wide shutdown 10 a.m. that day at the Centre for Education and all 38 public schools in Sudbury, Espanola and on Manitoulin Island.
By mid-afternoon, the board had confirmed and announced that the technical difficulties were due to a cyber incident.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CBC
20-02-2025
- CBC
Financial, medical information stolen during cyber attack on Rainbow District School Board
A major school board in the Sudbury area is offering more details on the severity of a recent cyber attack, and what information was compromised. The Rainbow District School Board,says the cyber criminals responsible for an attack on the board's computer systems earlier this month stole sensitive personal information belonging to staff and students – including social insurance numbers and bank account information belonging to current and former staff members; social insurance numbers belonging to former students who received scholarships; and medical information for current and former students. The data breach affects people who worked for the board as early as 2010 and students who attended a school in the Rainbow District School Board as early as 2011. "We take this matter very seriously and apologize to all those who are affected," the board wrote in a notice posted to its website on Thursday. "We understand this news will be as concerning to you as it is to us and we are deeply sorry." Hackers accessed SINs belonging to scholarship recipients Criminals may have accessed the following information belonging to students, the board said: Personal information, including contact information, birth dates, academic achievement data, Ontario Education Numbers and, in some cases, medical and immigration information for all students who graduated between June 2012 and June 2024. Assessment information, medical diagnoses, health card numbers, behavioral information and information about accommodation and student support needs belonging to current and former students with identified exceptionality who have been enrolled in an Intensive Support Program (ISP) since 2019. Contact information and place of employment information for parents of the above groups. Social insurance numbers for former students who were enrolled in a Rainbow School since 2011 and who received a scholarship and a T4A slip for income tax purposes. In addition, the attack exposed school photos from the 2012-2013 to 2024-2025 school years. However, those photos are not attached to names or other identifying information, the board said. Anyone employed by the school from January 2010 onward is also affected, including full-time, part-time and occasional staff, it said. Hackers accessed the following data: Address and primary phone numbers of staff members from 2010 onward. Social insurance numbers of staff members from 2012 onward. Bank account numbers of staff members from August 2017 onward. Employee ID/compensation and benefit information/Ontario Ministry Educator Number (for teachers only) and police background check information for employees from September 2018 onward. In addition, they may have accessed medical information such as doctor notes, physical abilities forms and leaves of absence forms belonging to staff members from 2022 onward. The Rainbow District School Board has reported the cyber crime to the Greater Sudbury Police Service and the Ontario Provincial Police, the board said. It is offering a two-year TransUnion credit monitoring service, free of charge, to all current and former staff whose personal information was compromised. It's offering the same service to affected scholarship recipients whose social insurance numbers have been compromised and who have reached the age of majority. Former students who wish to sign up for the service should contact cyberincident@ the board said. Staff and former students who believe they have been victims of identity theft related to the incident should email the same address. The president of the Ontario Secondary School Teachers' Federation district serving Espanola, Manitoulin and Sudbury said he's heard from members who are concerned about the breach. But Eric Laberge said some are also experiencing déjà vu. Teachers hit with cyber attack previously "This is something that they – for the most part, especially those that have been hired more than three years ago – have gone through already," Laberge said. "Because there was a cyber incident with our provincial federation." The Rainbow board began experiencingtechnical difficulties with its computer system on Friday, Feb. 7, officials said. Officials took measures to protect the network and the data stored on it, they said, beginning a system-wide shutdown 10 a.m. that day at the Centre for Education and all 38 public schools in Sudbury, Espanola and on Manitoulin Island. By mid-afternoon, the board had confirmed and announced that the technical difficulties were due to a cyber incident.
CBC
19-02-2025
- CBC
School bus driver faces 3 careless driving charges following January crash in Sudbury
Ontario Provincial Police have charged a school bus driver with three counts of careless driving following a crash in Sudbury's south end on Jan. 20. Seven students and the bus driver were taken to hospital following the crash involving a commercial vehicle. The bus driver was treated for life-threatening injuries. Following an investigation, police charged the 50-year-old driver with three counts of careless driving causing bodily harm. At the time of the crash there were 12 students aboard the bus. Sudbury Student Services Consortium, which manages school buses for the four school boards in the region, said some students on the bus were from the Rainbow District School Board and some from the French public board, known as Conseil Scolaire du Grand Nord. Renée Boucher, the consortium's executive director, told CBC News she's worked at the transportation service since 2003, and this was the first time she's had to deal with a serious crash. "We've had other collisions in the past and we've had minor collisions, minor injuries, but this is the first," she said. "So it's very difficult, of course, for everyone."
CBC
09-01-2025
- CBC
Sask. breached privacy by mailing 415 tax slips to wrong people: commissioner
Social Sharing Saskatchewan's Ministry of Advanced Education caused a privacy breach last year when it mailed out 415 tax slips to the wrong people, according to the office of the province's information and privacy commissioner. Along with confirming the privacy breach, the commissioner's office found the province's response to be "inadequate." The commissioner found the province did not properly inform those affected about potential risks from the privacy breach and failed to offer credit monitoring. "The circumstances here weigh in favour of a recommendation that credit monitoring be offered," the report reads. The breach happened in February 2024 when an employee with the Ministry of Advanced Education responsible for producing mailing labels made a mistake when working on an Excel spreadsheet. The "senior employee" was not aware of configuration changes in the software and as a result the printed labels had the incorrect address, according to the report. That meant 415 "Statement of Pension, Retirement, Annuity, and Other Income" forms, better known as T4A slips, went to the wrong people. Due to some people receiving more than one T4A slip, the breach only affected 277 people. According to the commissioner's report, the slips contained private information such as social insurance numbers, financial information and potential details about whether an individual had a disability. 154 unaccounted T4A slips Officials with the ministry acted appropriately to contain the breach once it was discovered, according to the report. However, 154 T4A slips affecting 121 people remain unaccounted for. While the ministry notified everyone affected by the breach, it failed to include a description of the possible types of harm or advice on what actions could be taken. The commissioner's office recommended that the ministry update its forms so that any future notifications of a privacy breach provide victims with the best information possible. The report says the ministry is already working on eliminating paper and mailing within its tax slip process. That should be in place by fall 2025. Officials also failed to offer affected people credit monitoring — a key response when the privacy information disclosed includes something like a social insurance number, according to the privacy commissioner. The commissioner recommended those affected by the breach be offered credit monitoring within 30 days.
