Student info breached in Pembina Trails cyberattack, school division confirms

Hey there, time traveller!
This article was published 19/12/2024 (318 days ago), so information in it may no longer be current.

A database containing student information was breached in a recent cyberattack, Pembina Trails School Division revealed Thursday.

The database “was accessed by an unauthorized third party in the days preceding” the Dec. 2 cyberattack, the division said in an email to parents, staff members and former staff.

The database contains the name, date of birth, gender and address of each student, along with their most recent photo, provincial personal health identification number and parental or guardian contact information.

For some students, it also contains information about health concerns or medical alerts, immigration information and where they previously went to school.

A parent of one child, who goes to a school in the division, said he can’t really fault the division for the attack.

“Obviously, it is possible someone has this information, but unfortunately this is the world we live in now,” he said.

“I’m not surprised someone tried to break into the school division’s system. There are thousands of students’ and employees’ information there and that’s what hackers want. We live in a world where people want your personal data.

“We will just have to be more vigilant.”

In a later news release, the division asked students who attended a Pembina Trails school in 2014 or later, as well as former staff who worked at Pembina Trails in 2009 or later, to check wfp.to/ptsdincident for more information. The website will also offer enrolment instructions for a free, 36-month credit-monitoring service for eligible staff.

“Upon becoming aware of the incident, we engaged third-party cyber-security professionals to help us investigate, and we took steps to contain the incident, such as taking systems offline and progressively restoring them in a secure manner,” the mass email stated.

No financial information is stored in the database, the school division said in an email to parents. Any financial information for international students is stored on a separate system that was not involved in the incident, the email said.

“We are notifying current and former students whose information was in the database. We also notified law enforcement and the Manitoba ombudsman,” the email stated.

Pembina Trails said it has “deep regret” that the incident occurred.

“We find it appalling that an organization dedicated to the education and safety of children should be the focus of this kind of criminal activity,” superintendent Shelley Amos said in the news release.

In an earlier mass email Thursday, Pembina Trails said student passwords are no longer usable after the cyberattack.

Winnipeg Free Press | Newsletter

Dan Lett | Not for Attribution

Tuesdays

A weekly look at politics close to home and around the world.

Sign up for Dan Lett | Not for Attribution

Sign Up

I agree to the Terms and Conditions, Cookie and Privacy Policies, and CASL agreement.

“Effective immediately, please know that all student passwords are no longer usable,” senior administration wrote in a mass email to families Thursday morning. “New passwords will be made available after the (winter) break.”

The notice states the disruptions are “an essential part of our recovery efforts from the recent cyber incident.”

The division’s information technology team flagged suspicious activity on internal computer systems on the morning of Dec. 2. IT systems and telephone lines later went down, affecting all of the division’s 36 schools.

Pembina Trails has about 16,000 students at its 36 schools in southwest Winnipeg.

fpcity@freepress.mb.ca