September 3, 2024
Severity
High
Analysis Summary
The Toronto District School Board (TDSB) has acknowledged that the June LockBit ransomware attack compromised student information.
The TDSB is the biggest school board in Canada, overseeing 582 schools and around 235,000 pupils. In June, the organization notified parents that illegal activity had been found in a test system used by its technology department. This testing environment is not connected to the board's official networks. In response, the TDSB's cybersecurity team moved swiftly to safeguard vital systems and secure data.
The exposed student information may include name, school name, grade, TDSB email address, TDSB student number, and day/month of birth. At that time, the TDSB learned that an unauthorized third party had gained access to the technology testing environment, a separate environment that TDSB IT Services uses to test software before it runs live on TDSB systems.
An update posted by the TDSB reads, “We have now confirmed that the testing environment contained 2023/2024 student information that could include name, school name, grade, TDSB email address, TDSB student number, and day/month of birth.”
The TDSB reassured parents that the security compromise poses no danger to pupils, and affirmed that it is not aware of any student data being made publicly available on the clear or dark web. The TDSB disconnected the test environment, isolated and secured impacted systems, strengthened security measures, and notified law enforcement as soon as possible. The organization also notified the Office of the Information and Privacy Commissioner of Ontario of the incident.
According to the researchers, the Toronto District School Board was the target of a ransomware attack, and the LockBit gang threatened to release the stolen material if the institution did not pay the ransom within two weeks. The infamous ransomware group also claimed tens of additional attacks against other firms, but some of the group's statements seem to be riddled with mistakes or connected to earlier data breaches that other ransomware groups had already disclosed.
Since its launch in January 2020, the LockBit ransomware campaign has affected over 2,500 victims in 120 countries, with 1,800 of those victims being in the United States. The group's targets included individuals, companies, government organizations, hospitals, and schools. The gang demanded ransom payments of about $500 million, resulting in wider losses of billions.
Impact
- Information Exposure
- Identity Theft
- Unauthorized Access
Remediation
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
- Use strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems.
- Back up your data regularly. This will help you to recover if your systems are encrypted by ransomware.
- Deploy robust endpoint security solutions, including antivirus, anti-malware, and intrusion detection systems, to detect and prevent threats like LockBit ransomware.
- Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
- Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
- Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.