It turns out the cyber breach which recently affected some school boards across the country may have given unauthorized users access to student information.
The Near North District School Board (NNDSB) is one of those boards. The data breach came through PowerSchool, a system many boards use to manage student information. On Jan. 9, the NNDSB issued a release to parents about the breach, which occurred late December of last year.
See: PowerSchool ‘cyber incident’ hit local school board
The board’s letter detailed that a breach did occur, and that the board’s “cybersecurity team” were looking into it. The board didn’t confirm if any information was accessed, noting at the time it was waiting to hear back from the people who operate PowerSchool, where the breach occurred.
That was all the board had to say on the topic, and today it noted “the NNDSB has no further updates at this time.”
However, the Toronto District School Board (TDSB) did have updates. It too subscribed to PowerSchool; it too had its information breached.
Much like the NNDSB, the TDSB continues to investigate the incident.
In a release, the TDSB explained, “While our investigation into the incident continues, we have now confirmed the types of personal information stored in PowerSchool’s Student Information System that may have been accessed and acquired by an unauthorized user.”
There is no confirmation from either school board or from PowerSchool that this data “that may have been accessed” was accessed, and the TDSB noted, “PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.”
No financial information or Social Insurance Numbers were stored in that data base, but much personal information was, dating from Sept. 3, 1985, to Dec. 28, 2024.
Here is the information that the TDSB confirmed was in its PowerSchool database. Note that the NNDSB has not confirmed the data within its PowerSchool database.
First, middle, and last names, date of birth, and gender was within the TDSB’s database. As were health card numbers, Ontario education numbers, home addresses, home phone numbers, TDSB student numbers, TDSB issued email addresses, and First Nations, Metis, and Inuit information.
Although PowerSchool noted all “unauthorized user data was deleted” and not posted online, the TDSB, “continues to take this incident very seriously, and is working with PowerSchool to ensure an incident like this does not happen again in the future.”
The NNDSB made similar overtures in its Jan. 9 letter, noting, “We know this news may be concerning, but please know that we are doing everything possible to learn more from PowerSchool about what occurred and will share that information with you.”
The NNDSB also mentioned in that note, “We will continue to update the community as more information becomes available.”
This breach has been reported to the Office of the Information and Privacy Commissioner of Ontario (the IPC) and an investigation file has been opened.
David Briggs is a Local Journalism Initiative reporter who works out of BayToday, a publication of Village Media. The Local Journalism Initiative is funded by the Government of Canada.
