Following news of a cybersecurity incident involving multiple Ontario school boards, a University of ߲ݴýprofessor says these types of attacks will become more common in the future.
Education sector vulnerable to attacks
Ali Dehghantanha, a professor at the university’s School of Computer Science and a Canada research chair in cybersecurity and threat intelligence, said the education sector is vulnerable to these types of incidents because these institutions often use outdated systems and limited cybersecurity measures.
And, as more information is being digitized, these institutions are becoming more attractive to cybercriminals.
To protect themselves, organizations must invest in robust cybersecurity measures, he said.
Multiple Ontario school boards notified parents of a cybersecurity incident this week.
Boards share letters with parents
According to an email shared with parents by the Peel District School Board, a company called PowerSchool experienced a cyber incident on Tuesday, Jan. 7, affecting many school boards across North America. The PowerSchool application is used to store a range of student information and a limited amount of school staff information, the email said.
“We are working with PowerSchool to thoroughly investigate the incident and determine its full scope,” the message to Peel parents said. “While PowerSchool has confirmed that the data accessed by an unauthorized user has been deleted and no copies of this data were posted online, we are continuing to assess the specific information that may have been accessed or exported from the application.”
Other Ontario school boards reported to be impacted include the Toronto District School Board and York Region District School Board. Reports show the incident impacted schools across North America.
Parents advised to wait for next steps
Dehghantanha said this latest incident is still in the early stages of an investigation and parents should wait on official communication from authorities for what steps, if any, they should take.
Speaking of cyberattacks in general, Dehghantanha said cybercriminals attack institutions for various reasons.
He said they can extract data from their target or drop ransomware into their systems.
“Most of the time, attackers are deploying the ransomware at the very last stage of the attack,” he said.
Attackers will extract information, create back doors for themselves and steal any valuable information they can, he said, and once there’s no valuable information left to take, they’ll drop the ransomware.
“That is the common pattern among the attackers and cybercriminals,” he said.
Purpose of data taken
Dehghantanha said attackers will target institutions that store sensitive information, and they can take addresses, first and last names, identification numbers and more to then impersonate the victims.
Towns and cities, which often take payments from clients, could also have credit card information stored on their systems.
“One of the things these attackers are doing is using people’s information to create credit cards for themselves, and if the attack is advanced, I have even seen them taking out a mortgage,” he said.
But cyberattacks may not always be about stealing data. Sometimes, ransomware is utilized to disrupt a business in order to extract a payment out of them.
Ransomware will encrypt the data that has been breached and the attacker will demand payment, usually to be made via cryptocurrency, in order to restore access to the system, Dehghantanha said.
The general advice from cybersecurity professionals is not to make a payment — however, Dehghantanha noted he’s seen, on rare instances, where the best solution was to make a payment. Organizations affected by ransomware should make these payments through a cybersecurity firm and not directly, he said.
What can I do after data breach?
Dehghantanha said people whose information may have been included in a data breach would be informed by law enforcement or the institution that was impacted and should follow their advice.
If you’re instructed to change passwords or take other measures, do so.
How to tell if my information is being used?
It may be hard to know if your personal information has been compromised. If it has been compromised in a cybersecurity incident that is discovered, you’ll likely be informed by law enforcement or the impacted institution.
There are also websites, one of which is , where people can check if their information has been compromised, but these types of sites are limited in that they rely on publicly available data.
What you can do
Dehghantanha said people should keep an eye on their credit history reports and watch for anything unusual.
As for general advice, he said people should keep your systems up to date. If you see an update for a system, install it because it likely includes a security patch for a vulnerability.
Secondly, when available, use two-factor or multifactor authentication. This might mean you receive a text message or some other communication every time you sign into one of the online systems you use, which Dehghantanha said can help stop many attacks.
Error! Sorry, there was an error processing your request.
There was a problem with the recaptcha. Please try again.
You may unsubscribe at any time. By signing up, you agree to our and . This site is protected by reCAPTCHA and the Google and apply.
Want more of the latest from us? Sign up for more at our newsletter page.
To join the conversation set a first and last name in your user profile.
Sign in or register for free to join the Conversation