Toronto school board confirms students’ info stolen as LockBit claims breach

Avatar

The Toronto District School Board (TDSB) confirmed this week that the information of students was involved in a ransomware attack discovered in June

TDSB initially said the cybercriminals targeted a technology testing environment that is separate from the board’s official networks. The school board is the largest and most diverse in Canada and manages 582 schools for about 235,000 students.

In an update on Thursday, TDSB confirmed that an unstated number of students from the 2023/2024 school year did have information in the test environment. That information includes a student’s name, school name, grade, school email address, student number and date of birth. 

TDSB claimed its cybersecurity team and external experts told them that the risk to students “is low and that they have not seen any public disclosure of student data as part of their investigations, which includes monitoring of the dark web and other online locations.”

But on Thursday evening, the LockBit ransomware gang took credit for the attack. The leak site post does not say how much data was taken but gives TDSB 13 days to pay an undisclosed ransom.

TDSB did not respond to requests for comment about the LockBit posting. 

The school board defended its response to the attack in a letter to parents this week, arguing that it took a range of steps to improve their security while also coordinating with law enforcement on an investigation. 

TDSB said it was advised by the Office of the Information and Privacy Commissioner of Ontario to make the announcement about the data leakage so that people can file complaints with the office. 

LockBit’s claim of attacking TDSB comes as the ransomware gang attempts to revive itself yet again following a law enforcement takedown in February. 

The group posted dozens of victims on Thursday  alongside TDSB — with experts noting that many of the posts are either full of erroneous information or involve victims that do not exist. Some of the victims are from past attacks or from attacks claimed by other groups. 

Two Russian nationals pleaded guilty in July to being members of LockBit and using its ransomware to extort money from victims around the world.

NewsNews BriefsCybercrimeGovernment
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

Next Post

Suspected North Korean hackers targeted crypto industry with Chromium zero-day

Related Posts

North Korean Hackers Targets Job Seekers with Fake FreeConference App

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for
Avatar
Read More