Former Waterloo Region District School Board students who were enrolled in the years between 2006-2007 and 2012-2013 may have had their personal information compromised in the July cyber attack that breached the board’s computer network.
The data of some 70,000 people were involved. Among the information that may have been taken were student names, dates of birth, gender, and historical educational information such as students’ former schools, classrooms or teachers. The main student information system was not included in the attack.
Individuals who were affected by the data breach will not be contacted by the school board directly, said WRDSB spokesperson Eusis Dougan-McKenzie.
“We are using public notification through the website, social channels and media outlets. The time it would take to match names to contact information would delay notification. Remember, this was not the main database, so names were not tied to addresses or contact details,” she said.
People can find out if their data were taken by calling TransUnion at 1-833-806-1882, stating that they are calling about the Waterloo Region District School Board credit monitoring program, and providing their name.
If you are included in the data set that was stolen, TransUnion will provide you with a credit monitoring code and more information on how to register for a year of credit monitoring. The cost is covered.
The data set includes both grade school and high school students.
An added concern was that the breach provided access to students’ Ontario education numbers.
“The Ontario education number is a number provided to individual students. It is only used to identify students during their time in school from kindergarten through Grade 12. This is not connected to any financial information or other government identification. This is not used for identity theft,” said Dougan-McKenzie.
The attack has prompted changes at the board.
“Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading edge technologies to protect our systems and data from ever-growing cybersecurity threats,” said Dougan-McKenzie.
People reacted negatively to the school board’s announcement of the further details of the attack.
“This is wrong that the onus is on students and their parents to contact TransUnion to find out if their information has been compromised. For shame! WRDSB should be contacting the affected students directly!” said Melanie Eh on Facebook.
“There needs to be more than one year of credit monitoring. I can tell you that with the information that was stolen and the current age of those students and some patience and skill, a great deal of financial damage can happen in 4-7 years. Should be a minimum of 10 years monitoring,” said @Sandiemcg on Twitter.
“I monitor my own credit as it is, but also what’s a hacker gonna do with my old OEN number? I guess if you’re one of those people who never changes passwords and stuff it might be bad,” said Gabrial Klatecki on Facebook.
Besides former students’ information, the cyber attackers also accessed the names, birthdates, banking information and social insurance numbers of current and past employees dating back to 1970. Payment history to 2012 was also accessed.