OTTAWA FRENCH SCHOOL BOARD: Ransom paid to hackers who stole data on employees, parents and students

Article content

Ottawa’s French public school board says it has paid a ransom to the hackers who breached its computer system and stole files that included personal information on employees, parents and students.

Article content

The Conseil des écoles publiques de l’Est de l’Ontario has employed cyber security experts to investigate the data breach, the board said in a news release Tuesday.

The board discovered on Oct. 18 that “unknown actors” had gained access to the board’s computer network and took files stored on the server in the main office, said the release.

The board made a payment to the cyber thieves and was told the data had been deleted.

About 75 gigabytes of data was stolen, most of it internal employment and administration issues, said the board. However, the data also included social insurance numbers, bank account numbers, credit card numbers and dates of birth.

Anyone employed by the board after 2000 may have had personal information stored on the server from which the files were stolen, said the release.

Article content

The board said it will write to all employees whose personal data may have been compromised within the week and also provide them a free credit monitoring service for two years.

A “smaller number” of current and former students and parents may also have been affected, and will be contacted, said the release.

The release apologized for the incident, saying administrators are taking steps to improve the security of their computer network.

The incident has been reported to police and the Information and Privacy Commissioner of Ontario.

The release from the board did not say how much ransom money was paid to the cyber hackers.

The board paid the ransom because it was the best chance to secure the data, according to an information webpage the board has set up about the cyber hack. The board does not have proof the hackers destroyed the files after receiving the money, but there is no reason to suspect they did not, said the post.

The board began the “network containment” a few hours after the breach was detected on Oct. 18 and since then has spent time trying to determine what data was taken and analyzing the situation, according…