Hackers obtained 52 years of employee names, dates of birth, bank statements and SINs from the Waterloo Region District School Board

WATERLOO REGION — A cyberattack on the public school board has given thieves access to the names, dates of birth, banking information and employee social insurance numbers of anyone who has worked for the board since 1970.

The thieves were also able to access all employees’ paycheck histories over the past decade and “certain student information” that the board has not yet specified.

This is the first time the school board has admitted to the extent of the personal information stolen in the July cyberattack.

“We are still actively investigating the full extent of the impact to student information, and will provide an update as soon as we know more,” the Waterloo Region District School Board said in a statement Friday.

The board first noticed a problem on July 10. He didn’t notify staff for a week after realizing the attackers may have obtained data.

The cyberattack prevented the council from paying some employees later in July and providing the records of employment others needed to file employment insurance claims.

The intention may have been to steal identities, experts said. Personal information such as social insurance numbers, bank account details, credit card numbers and dates of birth may be used to create credit cards, loans or bank accounts.

The council offers employees one year of free credit monitoring.

He has hired forensic experts to investigate what was stolen and says he intends to release new details as they are confirmed.

“It has been difficult, especially for staff both for those waiting for payments and ROEs and for those working to resolve this issue,” said council spokesperson Eusis Dougan-McKenzie.

The board claims to have recovered personal data accessed during the attack and is investing in “state-of-the-art technologies to protect our systems and data from ever-increasing cybersecurity threats.”

The Information and Privacy Commissioner of Ontario has been notified. Complaints to the Commissioner can be made through the Privacy Office at ipc.on.ca.

The council said that “the attackers illegally accessed a restricted network drive containing sensitive personal information related to payroll and benefits administration. These files included the names, dates of birth, banking information and social insurance numbers of all current and past employees dating back to 1970. Employee payment history dating back to 2012 was also included.

Comments are closed.