The Rainbow District School Board (RDSB) has issued a sweeping new notification detailing the extensive personal information compromised in a February cyber incident, affecting tens of thousands of current and former students and employees dating back decades.
The supplementary notice, released Monday, is the result of a nine-month secondary review of records. It significantly expands the scope of affected individuals and data types beyond the board’s initial disclosure in February.
Long, extensive review
The board said the extensive process was necessary for transparency.
“We wanted to determine whether any additional personal information had been compromised beyond the initial notice,” said board officials in the Dec. 15 news release.
“We take this matter very seriously and believe due diligence is essential for transparency, accountability and trust.”
The cyber incident, which began on Feb. 7, forced a system-wide shutdown. While critical systems were restored by early March, the forensic review of breached data has continued.
Broad categories of compromised data
The new notice outlines specific data compromised for distinct groups. Former employees whose employment ended between 2005 and 2009 had Social Insurance Numbers and employee details compromised. Current and former employees from 2002 had bank account numbers and addresses exposed.
For students, the breach is vast. Alumni of five secondary schools from as far back as 1989 through to 2024 had dates of birth, addresses, grades, and Student Ontario Education Numbers accessed. International students from specific years had copies of their passports compromised.
The board also notified individuals in the Greater Sudbury area eligible to vote in the 2022 school board trustee election that their dates of birth and addresses were likely accessed.
A complete list of those impacted can be found on the board’s website.
Risk assessment and credit monitoring
The board has assessed the risk of misuse of the data as low – despite the breach’s broad scope.
“We have not received any confirmed reports of fraud or attempted fraud linked to our incident to date and believe the risk of data misuse to be low,” said RDSD spokesperson Nicole Charette in a board email to CTV News.
The board is offering a free, two-year credit monitoring service with TransUnion to individuals in the highest-risk groups, including those whose SINs or passport copies were exposed.
“This service will help you monitor for signs of identity theft for fraudulent purposes so that you can react swiftly to protect yourself,” said the board.
Ongoing response and accountability
The board has reported the incident to the Information and Privacy Commissioner of Ontario.
“We apologize to all those who have been impacted by this incident.”
— Rainbow District School Board
In a previous update in February, following the initial disclosure, the board provided some reassurance about the stolen data.
“Rainbow District School Board has since received confirmation that the data acquired by the unauthorized individuals was deleted and has not been shared,” the board said at that time.
Charette, in a March email to media, emphasized the board’s commitment to investigating the incident and securing the board’s data in the future.
“(RDSB would) like to extend our gratitude to staff in information services who worked well beyond the regular day and week to restore services as quickly as possible,” she wrote at the time.
The board directs individuals with questions or who wish to report suspected fraud linked to the incident to email cyberincident@rainbowschools.ca.
A complete list of updates about the cyber incident is posted on the board’s website.
RELATED STORIES:
- Rainbow District School Board cyber incident: A timeline
- Extensive personal information of students, staff compromised in cyber attack, Sudbury school board says
- Challenges for teachers after cyber outage at Rainbow Schools
- ‘Cyber incident’ continues to disrupt computer networks at some Sudbury-area schools
- ‘Cyber incident’ disrupts computer services at Rainbow Schools
