Cybersecurity Breach at Pembina Trails School Division: A Deep Dive into the Impact

Overview of the Breach

In December 2024, Pembina Trails School Division experienced a significant cybersecurity incident that has since raised alarms among students, parents, and staff. Personal information from both current and former students, as well as employees’ bank account details and cheque images, were leaked onto the dark web. This alarming breach was reported following a thorough investigation by cybersecurity experts, revealing the extent of the damage caused by the ransomware attack.

Investigation Findings

On Wednesday, Pembina Trails School Division shared further insights regarding the breach. Superintendent Shelley Amos stated, “While we know a group of cybercriminals is responsible for the incident, the investigation was unable to determine a specific cause of the incident.” She emphasized that the school division emerged from this experience not only with a better understanding of cyber threats but also with enhanced security measures in place.

Schools Affected

The breach impacted twelve schools within the division, encompassing Acadia, Bairdmore, Crane, Fort Richmond, Oakenwald, Pembina Trails Collegiate, Ralph Maybank, St. Avila, Shaftesbury, South Pointe, Vincent Massey, and Viscount. With over 17,600 students and nearly 2,500 employees, the volume of exposed data is troubling.

Scope of Exposed Information

The hackers, identified as the Rhysida group, initially attempted to sell nearly one million files for $1.6 million after the school division refused to pay a ransom. Subsequent to this, numerous files were published on the dark web, revealing sensitive information from various categories, including:

• Student Databases: Backups from the years 2011 to 2024, containing crucial data like names, birthdates, home addresses, and health card numbers.
• Staff Payroll Information: Personal details, including Social Insurance Numbers (SIN), along with staff disciplinary records and bank account information.
• Cheques and Bank Details: Images of cheques with sensitive account numbers were also compromised, affecting those who interacted with the school division financially between 2021 and 2024.

The Aftermath: Voices of Concern

Lise Legal, president of the Pembina Trails Teachers’ Association, expressed frustration over the lack of closure for affected individuals. “Unfortunately, this does not bring closure to my members,” she noted, stressing the need for answers regarding both professional and personal implications of the breach.

Cybersecurity expert Carmi Levy emphasized the long-term risk for victims, urging vigilance among students, parents, and teachers. “This particular event amplifies the kind of risks they now face,” he warned. He encouraged monitoring of bank accounts and signing up for fraud alerts as necessary precautions.

The Importance of Vigilance

Levy highlighted the heightened risk of identity theft and financial fraud. Potential threats include attempts to open new credit cards or loans using stolen personal information. Fraudsters often take advantage of such data to create convincing phishing attacks—disguising themselves as trusted entities. This makes it imperative for individuals affected by the breach to verify the legitimacy of any communications they receive.

Response and Recovery Efforts

In light of the breach, Pembina Trails School Division has taken proactive measures by hiring an external cybersecurity firm to investigate the incident and monitor the situation on the dark web. Expenses related to this breach reached approximately $536,000 for credit monitoring and legal services. Most of this cost is expected to be reimbursed through an insurance policy.

The division also decided to offer free credit monitoring to certain students who supplied their Social Insurance Number to the school between 2018 and 2024, including those who received scholarships or honoraria.

Recommendations for Affected Parties

As a protective measure, Levy recommended that individuals implement strong, unique passwords for online accounts and enable multi-factor authentication wherever possible. Additionally, those whose SIN may have been exposed should proactively contact Service Canada to mitigate potential identity theft risks.

In conclusion, the Pembina Trails School Division’s cybersecurity breach serves as a significant reminder of the critical need for robust digital security. The ongoing investigation by Winnipeg police, alongside measures to enhance systems and inform affected parties, highlights the seriousness of protecting sensitive data in educational institutions.