Toronto school board confirms students’ info stolen as LockBit claims breach
The Toronto District School Board (TDSB) confirmed this week that the information of students was involved in a ransomware attack discovered in June.
TDSB initially said the cybercriminals targeted a technology testing environment that is separate from the board’s official networks. The school board is the largest and most diverse in Canada and manages 582 schools for about 235,000 students.
In an update on Thursday, TDSB confirmed that an unstated number of students from the 2023/2024 school year did have information in the test environment. That information includes a student's name, school name, grade, school email address, student number and date of birth.
TDSB claimed its cybersecurity team and external experts told them that the risk to students “is low and that they have not seen any public disclosure of student data as part of their investigations, which includes monitoring of the dark web and other online locations.”
But on Thursday evening, the LockBit ransomware gang took credit for the attack. The leak site post does not say how much data was taken but gives TDSB 13 days to pay an undisclosed ransom.
TDSB did not respond to requests for comment about the LockBit posting.
The school board defended its response to the attack in a letter to parents this week, arguing that it took a range of steps to improve their security while also coordinating with law enforcement on an investigation.
TDSB said it was advised by the Office of the Information and Privacy Commissioner of Ontario to make the announcement about the data leakage so that people can file complaints with the office.
LockBit’s claim of attacking TDSB comes as the ransomware gang attempts to revive itself yet again following a law enforcement takedown in February.
The group posted dozens of victims on Thursday alongside TDSB — with experts noting that many of the posts are either full of erroneous information or involve victims that do not exist. Some of the victims are from past attacks or from attacks claimed by other groups.
Two Russian nationals pleaded guilty in July to being members of LockBit and using its ransomware to extort money from victims around the world.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.