The Huron-Superior Catholic District School Board is able to provide further information about the cyber incident that we first announced on December 15th, the day it first came to our attention.
Board staff have worked tirelessly through the holidays to address the impact of the incident and prepare for a successful return to school today. I sincerely thank our staff for their selfless efforts and all our community members for their patience and understanding as we worked through this situation. We have also been working with experts to address the privacy issue that we first acknowledged last month. Although our investigation is ongoing and will continue for some time, I am now able to provide further details.
Regrettably, the perpetrators who compromised our network did steal a significant number of files from a Board file server. They have informed us that they have since deleted the files, and we believe the risk of misuse is low, but we, nonetheless, are going to analyze the files that were stolen and determine who to notify. Given the number of files, this will take some time, possibly months.
At this time, we have determined that employees employed in the last four tax years (2019 to 2022) are likely affected. The exposed information includes: social insurance numbers, date of birth information, compensation information, banking information and (if applicable) garnishment information. All such affected employees will receive a notification letter within the next two weeks. Given the nature of the information exposed and in an attempt to give peace of mind, we will be providing these employees with an offer for a free, two-year credit monitoring service – a service that allows one to check for signs of identity fraud so protective action can be taken.
We understand that some students and parents will likely be affected by the incident, though it will take the Board time to analyze data to determine who is affected and to what extent. We will continue to be transparent and will notify those affected as appropriate and in light of our findings. We appreciate that this news may be concerning, and sincerely apologize.
We have already made improvements to our network security, and once our investigation is complete will respond to the findings in a manner that better protects us from the very significant cyber risks which face school boards across the province today.
The board will have no further comment pertaining to this cyber incident.