An ongoing story in the region has been the cyberattack on the Upper Canada District School Board’s internet infrastructure. First reported on January 5, the board only announced last week that there was a significant data breach affecting former and current students and staff. Some of the personal data accessed goes back to employees from 1999, and any student from 2010 to the present. The information accessed includes addresses, banking, Social Insurance Numbers, grades, even medical and disciplinary information of students – including those with special education or medical conditions. The magnitude of this data breach is staggering, and a significant breach of personal information that will have implications for decades to come.
Data breaches have become commonplace and more frequent as the internet-connected world expands. There have been many data breaches at companies, banks, and government departments. Several Ontario school boards have been subject to data breaches or ransomware attacks in the last five years. Presently, many school boards in six provinces and several US states are dealing with a software hack at PowerSchool, a cloud-based school records company. The UCDSB cyberattack is not related to PowerSchool and is more extensive, and highlights the significant flaws with how personal information is stored, protected, and accessed.
School board funding in Ontario is based on a per-student formula, with insignificant resources directed towards cybersecurity. School boards ensure as much money as possible is directed to in-class learning. Clearly, not enough money is being spent to stay ahead of those who seek to access personal data for nefarious purposes. There is also too much trust given by board administrators across all school boards that software packages used will never have issues. Furthermore, there is also a concern about where data, especially that which is stored in “the cloud,” is actually located. While there is a legislative requirement to keep Canadian personal data in Canada, not all companies follow the rules or are clear where the data is stored.
School boards, not just the UCDSB, are far too reliant on cloud-based connectivity. This outage at the region’s largest English-language board has caused chaos for learning. Students requiring access to online-only classes are unable to connect. Many more who are taught to use tools from Microsoft or Google, are unable to complete their work due to outages. This is a loss in time and productivity for students that cannot be reclaimed and puts secondary student credits at risk.
The impact of the specific breach at the UCDSB cannot be overstated. Students who began Kindergarten in 2024 may be impacted by this digital breach when they turn 18, a decade-and-a-half from now. Past and current employees, students, and their parents/guardians, will have to watch with constant vigilance over their credit history to ensure nothing happens to them. That is over 160,000 people by our estimates, a phenomenal breach of personal private data.
Data breaches like those at the UCDSB could have been prevented with proper investments and data management. It is a costly lesson for school boards and those who trust them with their data to learn.
Discover more from Morrisburg Leader
Subscribe to get the latest posts sent to your email.