Ottawa Francophone School Board pays ransom to hackers who stole data on employees, parents and students

Content of the article

The French-language public school board in Ottawa said it paid a ransom to hackers who violated its computer system and stole files containing personal information about employees, parents and students.

Content of the article

The Eastern Ontario Public School Board has hired cybersecurity experts to investigate the data breach, the board said in a press release Tuesday.

The board discovered on Oct. 18 that “unknown actors” had gained access to the board’s computer network and taken files stored on the main office server, the statement said.

The council made a payment to the cyber thieves and was informed that the data had been deleted.

About 75 gigabytes of data was stolen, most of it internal employment and administration issues, the board said. However, the data also included social insurance numbers, bank account numbers, credit card numbers and dates of birth.

Anyone employed by the board after 2000 may have personal information stored on the server from which the files were stolen, the statement said.

Content of the article

The board said it will write to all employees whose personal data may have been compromised within a week and will also provide them with a free credit monitoring service for two years.

A “smaller number” of current and former students and parents may also have been affected and will be contacted, the statement said.

The statement apologizes for the incident, saying administrators are taking steps to improve the security of their computer network.

The incident was reported to police and the Information and Privacy Commissioner of Ontario.

The board’s statement did not specify the amount of the ransom paid to the cyber hackers.

Board paid ransom because it was the best chance to secure data, report says web page that the board of directors created on cyber-hacking. The board has no evidence that the hackers destroyed the files after receiving the money, but there is no reason to believe they did not, the publication said. .

The board began “network containment” hours after the breach was detected on Oct. 18 and since then has spent time trying to determine what data was collected and analyzing the situation, according to the site. Web.

[email protected]

Comments are closed.