Toronto school board confirms students’ info stolen as LockBit claims breach

Avatar

The Toronto District School Board (TDSB) confirmed this week that the information of students was involved in a ransomware attack discovered in June

TDSB initially said the cybercriminals targeted a technology testing environment that is separate from the board’s official networks. The school board is the largest and most diverse in Canada and manages 582 schools for about 235,000 students.

In an update on Thursday, TDSB confirmed that an unstated number of students from the 2023/2024 school year did have information in the test environment. That information includes a student’s name, school name, grade, school email address, student number and date of birth. 

TDSB claimed its cybersecurity team and external experts told them that the risk to students “is low and that they have not seen any public disclosure of student data as part of their investigations, which includes monitoring of the dark web and other online locations.”

But on Thursday evening, the LockBit ransomware gang took credit for the attack. The leak site post does not say how much data was taken but gives TDSB 13 days to pay an undisclosed ransom.

TDSB did not respond to requests for comment about the LockBit posting. 

The school board defended its response to the attack in a letter to parents this week, arguing that it took a range of steps to improve their security while also coordinating with law enforcement on an investigation. 

TDSB said it was advised by the Office of the Information and Privacy Commissioner of Ontario to make the announcement about the data leakage so that people can file complaints with the office. 

LockBit’s claim of attacking TDSB comes as the ransomware gang attempts to revive itself yet again following a law enforcement takedown in February. 

The group posted dozens of victims on Thursday  alongside TDSB — with experts noting that many of the posts are either full of erroneous information or involve victims that do not exist. Some of the victims are from past attacks or from attacks claimed by other groups. 

Two Russian nationals pleaded guilty in July to being members of LockBit and using its ransomware to extort money from victims around the world.

NewsNews BriefsCybercrimeGovernment
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

Next Post

Suspected North Korean hackers targeted crypto industry with Chromium zero-day

Related Posts

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,
Avatar
Read More

A Hacker’s Guide to Password Cracking

Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves. Read on to learn more about hackers'
Avatar
Read More