Toronto school board reports ransomware attack on test environment

Hackers attempted to attack a technology testing environment used by the Toronto District School Board (TDSB) with ransomware, officials said Wednesday.

The school board is the largest in Canada and manages 582 schools for about 235,000 students.

In a statement to parents on Wednesday, the board said it recently became aware of unauthorized activity within a system the technology department uses to test programs before they run live on official systems. The test environment is separate from the board’s official networks.

Colleen Russell-Rawlins, the director of education, and Associate Director Stacey Zucker explained that the board’s cybersecurity team took “immediate steps to secure and preserve data while safeguarding critical systems.” 

“TDSB systems are operational and have not been impacted. We have notified the Toronto Police Service and are working with third-party experts to assess the incident,” they said. 

“We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident. Out of an abundance of caution, we have notified the Information and Privacy Commissioner of Ontario.” 

Russell-Rawlins and Zucker said they are unable to provide more information due to the ongoing investigation but noted that victims will be notified if any personal information was accessed.

The TDSB has an annual operating budget of approximately $3.5 billion and is one of the most diverse school systems in Canada. 

It is the latest Toronto institution to be targeted by ransomware gangs after the city itself had data stolen last year. The city’s library system spent weeks last fall struggling to recover from an incident that devastated services, and Toronto’s zoo, transportation system and largest children’s hospital all faced shutdowns due to ransomware attacks.