A separate and extensive data breach has been uncovered at the Upper Canada District School Board (UCDSB) in early January. Unlike the PowerSchool data hack that has impacted schools across six Canadian provinces and several U.S. states, UCDSB officials have confirmed that their breach is independent of that incident.

The cyberattack, which initially led to a complete shutdown of the board’s internet services on January 5, has now been revealed to have compromised personal data belonging to thousands of students, employees, former students, and donors.

Thousands Impacted by Unauthorized Data Access

The breach affects a broad swath of the UCDSB community:

  • Students: Anyone enrolled at a UCDSB school from 2010 to the present has had their personal identification information—such as name, address, contact details, and academic records—compromised.
  • Special Education Students: Sensitive information, including medical diagnoses, accommodation reports, and behavioral incident reports, was also exposed.
  • Employees: Current and former employees dating back to 1999 may have had their social insurance numbers, direct deposit banking details, work history, and other personal information accessed.
  • Bursary Recipients: Any former student who received a bursary through a UCDSB school since 2001 is potentially affected.
  • Donors: Individuals who have contributed to UCDSB schools or to the board’s Champions 4 Kids foundation may also be impacted.

Despite initial assurances that no data had been compromised, board officials issued a statement confirming the breach. “The Board’s investigation has revealed that the perpetrators of this cyberattack stole personal information concerning members of the UCDSB community. We understand this news may be concerning for people, and we are deeply sorry,” the statement read.

Investigation and Risk Assessment

UCDSB has reported the breach to the Brockville Police Service and the Information and Privacy Commissioner of Ontario. While acknowledging the severity of the breach, board officials have stated that cyber experts believe the risk of publication and misuse of the stolen data is low.

To assist those affected, UCDSB is offering a two-year credit monitoring service through TransUnion. However, the board has not provided an official estimate of the total number of individuals impacted. Based on Ministry of Education enrollment data, it is estimated that approximately 52,000 current and former students are affected. Including parents and guardians, that number could rise to around 160,000 people. Additionally, over 4,000 employees work for the board each year, further expanding the potential number of victims.

Not Linked to PowerSchool Breach

In response to concerns about whether this attack is connected to the recent PowerSchool data hack, UCDSB has firmly stated that the two incidents are unrelated. The PowerSchool breach, which emerged in December, impacted school systems in multiple provinces and U.S. states. The UCDSB attack, however, was a separate cyber event that resulted in extensive data exposure within the board’s own systems.

Service Restoration Efforts Underway

Internet services remain partially offline across the board. Staff have regained access to their email accounts, and student email restoration is in progress. While in-school Wi-Fi has been re-enabled, access is restricted to internal systems, with no ability to browse external websites such as Google or YouTube.

The disruption has significantly affected secondary students enrolled in online learning programs, who have been unable to access their courses since the Christmas break. The board has announced that these students will be graded based on work completed before the break, with no final exams for online classes. Report cards, originally set for release earlier in February, will now be available on February 20.

Future Cybersecurity Measures

UCDSB officials have pledged to strengthen the board’s cybersecurity defenses to prevent future breaches. “We will make changes to our program based on the results of our investigation, which is not yet complete,” they stated. Further updates on the investigation and additional security enhancements are expected in the coming weeks.

For those potentially impacted by the data breach, more information on credit monitoring services and security measures can be found on the UCDSB website at www.ucdsb.on.ca.

Jenny is a business insurance broker with Waypoint Insurance. She can be reached at 604-317-6755 or jhansen@waypoint.ca. Connect with Jenny on LinkedIn at https://www.linkedin.com/in/jenny-holly-hansen-365b691b/.  Connect with Jenny at BlueSky: https://bsky.app/profile/jennyhollyhansen.bsky.social

Jenny Holly Hansen is a cohost with Chris Sturges of the Langley Impact Networking Group. You are welcome to join us on Thursday’s from 4pm to 6pm at: Sidebar Bar and Grill: 100b - 20018 83A Avenue, Langley, BC V2Y 3R4

Tags:  #Jenny Holly Hansen #Upper Canada District School Board (UCDSB) #Data Breach #Cyber Attack #Risk Assessment #Cyber Security

Share this article
The link has been copied!