Ottawa’s French school board has admitted to paying a ransom to cyber hackers who breached the school’s IT system.
According to a statement put out by the Conseil des écoles publiques de l’Est de l’Ontario (CEPEO), “unknown actors” targeted the computer system on October 18, 2021 and stole information on employees, parents and students from the board’s main office.
“The network was re-secured later today, and we launched an investigation with the help of cybersecurity experts,” the statement, which has been translated from French to English, reads.
A news release on the incident admitted that while the board paid the sum demanded by the hackers, it was uncertain whether they deleted the data they had stolen.
The hackers claimed upon receiving the payment that they had deleted the information, but investigators had no way to confirm.
“We cannot be sure,” said the statement. “Making a payment to the threat actors was the best chance we had to secure the data.”
“CEPEO reported the incident to law enforcement and the Ontario Information and Privacy Commission. These two institutions will determine whether to open an investigation. CEPEO will cooperate fully with any investigation if such an investigation is launched.
In total, 75 gigabytes of data was stolen, including the social insurance numbers, bank account numbers and credit card information of individuals the board intends to notify.
Those hoping to know whether their own data was compromised can contact the school board.
Ransomware attacks have become increasingly common for both private and public institutions.
Most recently, a Montreal healthcare centre was attacked by cybercriminals who attempted to access records in its booking system.
https://youtu.be/QDlkITn3XFo