Ontario Teachers’ Data Stolen in Ransomware AttackVictims Notified of Ransomware Attack Six Months After the Incident
A cyberattack on a Canadian teachers’ union gave cybercriminals access to sensitive data of the union’s members.
The Ontario Secondary School Teachers’ Federation has disclosed that it fell victim to a ransomware attack six months ago which led to the compromise of personal information of its members. The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.
Founded in 1919, the OSSTF has more than 60,000 members across Ontario – Canada’s most populous province. Its long list of members includes public high school teachers, occasional teachers, educational assistants, continuing education teachers and instructors, early childhood educators, psychologists, secretaries, social workers, plant support personnel, university support staff, and many others in the field of education.
The attack took place between May 25 and May 30 this year when an unauthorized third party accessed and encrypted OSSTF’s systems, the teachers' union said in a media statement. The attack was detected by OSSTF’s IT department five days after the initial intrusion.
OSSTF did not disclose it was subjected to a ransomware attack, at the time, but on May 30 it tweeted that there were some technical issues due to which the internal email system was facing an outage.
The union members were subsequently notified about the incident and the ongoing investigation which was carried out by an external cybersecurity firm. The unnamed firm also helped in containing the spread of the ransomware attack, OSSTF says.
The OSSTF spokesperson declined to provide any additional information on why there was a long delay in the disclosure of the ransomware attack, but their statement reads, "Following an external review, we conducted an eDiscovery process to review the personal information that may have been impacted. This process took several months to complete.”
The union in its statement said that while it currently has no evidence that the personal data of members has been misused, it is now reaching out to current and former members with details on what personal information has been compromised in the breach. This may include addresses and social insurance numbers, some Canadian media reports suggest.
The OSSTF assured members that it is taking the protection of their data seriously and is providing affected individuals with free credit monitoring and identity theft protection services from Equifax, depending on the type of personal information impacted, for a period of one year.
Rise of Cybercrime
Canada has been on the radar of ransomware operators in the recent past. Canada’s minister of national defence Anita Anand in the National Cyber Threat Assessment 2023-2024 report notes how ransomware incidents have hit headlines on a daily basis in the country for the past two years. These attacks have disrupted essential services including hospitals, schools, municipalities and utility providers and resulted in the personal and financial data of Canadians being stolen, traded, or leaked online.
The report highlights that ransomware is a persistent threat to Canadian organizations and because of the impact that it has on an organization’s ability to function, it is currently almost certainly the most disruptive form of cybercrime. “Cybercriminals deploying ransomware have evolved into a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize profits,” the report says.