Report cards, photographs jeopardized by cyberattack
Letters went out this week to nearly 6,000 families within Okanagan Skaha School District 67 warning them a trove of personal information -- ranging from photos and report cards to medical records and test results -- was placed at risk in February’s cyberattack.
Notably, though, there were no reports as of Wednesday morning that personal information from SD 67 had been used fraudulently.
“The district has engaged expert assistance to monitor the internet and dark web, and if there is evidence that district information has been released or is circulating as a result of this incident, the district will immediately notify parents and staff,” wrote superintended Todd Manuel in an email to The Herald.
“As our investigation proceeds, parents who are identified as potentially being at risk for identity theft are being offered credit monitoring. We are still working to confirm the extent to which parents may have been exposed to this risk.”
The district remains “optimistic that the impacts on staff and students will be minimal,” added Manuel.
The cyberattack on Feb. 13 involved bad actors hacking into SD 67’s computer network for unknown reasons. The incident also knocked out phone and email services for staff, although classroom instruction was unaffected.
There have been few other details released about the cyberattack, which remains under investigation by the RCMP and B.C. Office of the Information and Privacy Commissioner.
This week’s warning letter was distributed to approximately 5,800 families, which is about equal to total student enrolment, according to Manuel.
“In the course of our ongoing investigation, we have determined that personal information belonging to parents and students may have been subject to risk as a result of the incident. The impacted files appear to be limited to the period between 2022 and 2024,” wrote Nicole Bittante, SD 67 secretary-treasurer, in the letter.
It then goes on to list 10 different categories of personal information that have been “potentially impacted:”
• Student files, including name, contact information and date of birth;
• Student report cards;
• Enrollment information, including student name, school, provincial education number;
• Student assessments that may contain some health information;
• Standardized test results;
• Information about students enrolled in child care;
• Attendance records, bus lists;
• Medicine and medical alert lists;
• Student discipline/suspension files/letters;
• Student photos and class lists.
The letter concludes with a pledge to “seek opportunities to further strengthen” SD 67’s computer security.
“Unfortunately, no organization is entirely immune to cyber attacks. Cyber incidents have been on the rise on a global basis for a number of years, including those targeting public institutions,” wrote Manuel in his email.
“However, we are working together with cyber security experts to look at available options and data security tools to protect against and prevent further incidents.”
This week alone, the City of Hamilton revealed it was hit with a ransom demand following a cyberattack Feb. 25 that has taken down most online systems there, while another attack in the U.S. has hobbled that country’s largest health-care insurance payment service.