The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed.
TDSB is Canada’s largest school board and the fourth largest in North America, responsible for the administration and management of 473 elementary, 110 secondary, and five adult education schools. The organization operates on an annual budget of roughly $2.5 billion.
An announcement published on the board’s website yesterday notifies parents, guardians, and caregivers of a ransomware attack that may have exposed sensitive information.
“TDSB recently became aware that an unauthorized third party gained access to TDSB’s technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems,” reads the announcement.
“We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident,” adds TDSB further down in the announcement.
TDSB says that all of its systems are operational and none of their operations are disrupted, indicating that they were able to contain the attack in the testing environment.
The organization has notified the Toronto Police Service and the Information and Privacy Commissioner of Ontario and is working with third-party cybersecurity experts to determine the scope of the incident.
TDSB serves approximately 247,000 students and employs 40,000 staff members, so this incident could impact a significant number of people.
Toronto District School Board promised to notify affected individuals if the ongoing investigation determines that a data breach has occurred, but for now, it has opted not to share too much information.
Potentially impacted individuals seeking answers are invited to contact the organization at ‘cyberincident@tdsb.on.ca.’
At the time of writing this, none of the major ransomware groups claimed responsibility for the attack at TDSB.
BleepingComputer has contacted the organization to learn more about the attack, but a comment wasn’t immediately available.
Source: www.bleepingcomputer.com