Cyber security expert weighs in on data breach at Waterloo public school board
The Waterloo Region District Public School Board has offered few public details about what it’s calling the “cyber incidents” that impacted its IT system, but one cyber security expert says the breach is concerning.
The public school board has said it was targeted by a criminal group, and confirmed data was stolen. The board has not yet outlined what data was taken.
Ali Dehghantanha, a professor of cyber security at the University of Guelph, said since the school board collects a lot of personal information, his biggest worry with the cyber breach is identity theft and that people’s private information could be used for social engineering attacks.
“If I know your kid’s name, your kid’s school, possibly even the marks of your kids, I can probably set up very interesting and sophisticated attacks and steal a lot of information from you,” he said. “Having that private information could give attackers an upper hand.”
Dehghantanha said the impact of identity theft can be long-lasting.
“Imagine I can steal information, like a SIN number from a kid who is not of age yet, keep it for some time until they get to a specific age and then start misusing it. That would be a really, really tough case to investigate.”
However, he said whoever’s information may have been compromised may not have to worry just yet. He suggested keeping a close eye on financial transactions and to be on alert for receiving random calls.
“We don’t know the scale of the information that’s been leaked out or stolen by the attackers, so currently, we are not in a position to give a good fair assessment of the impact of people.”
On Wednesday the school board said it is working to safeguard people’s personal information, but added it could take weeks before the investigation into how this happened and what was stolen is complete.
Dehghantanha said the investigation requires looking into how the attackers got to the information and what they stole.
“Most of these hacking groups are taking actions to remove their footprints,” he said. “That’s why the investigation would be very very complicated.”
He recommends businesses and corporations take the necessary steps to protect themselves from getting hacked, including changing cyber security procedures, and not storing unnecessary personal information.
“Make sure you have a proper data removal, data destruction procedure policy in place,” Dehghantanha said.
As for users, Dehghantanha said it’s best to only use websites that have two-factor authorization.
“If you make that compulsory, it works 200 times better than making your password policy sophisticated.”
The school board said it expects to release more information on the cyber incidents early next week.
CTVNews.ca Top Stories
Canadian family stuck in Lebanon anxiously awaits flight options amid Israeli strikes
A Canadian man who is trapped in Lebanon with his family says they are anxiously waiting for seats on a flight out of the country, as a barrage of Israeli airstrikes continues.
Suspect in shooting of Toronto cop was out on bail
A 21-year-old man who was charged with attempted murder in the shooting of a Toronto police officer this week was out on bail at the time of the alleged offence, court documents obtained by CTV News Toronto show.
Scientists looked at images from space to see how fast Antarctica is turning green. Here's what they found
Parts of icy Antarctica are turning green with plant life at an alarming rate as the region is gripped by extreme heat events, according to new research, sparking concerns about the changing landscape on this vast continent.
DEVELOPING 2 dead after fire rips through historic building in Old Montreal
At least two people are dead and others are injured after a fire ripped through a century-old building near Montreal's City Hall, sources told Noovo Info.
Yazidi woman captured by ISIS rescued in Gaza after more than a decade in captivity
A 21-year-old Yazidi woman has been rescued from Gaza where she had been held captive by Hamas for years after being trafficked by ISIS.
A 6-year-old girl was kidnapped in Arkansas in 1995. Almost 30 years later, a suspect was identified
Nearly 30 years after a six-year-old girl disappeared in Western Arkansas, authorities have identified a suspect in her abduction through DNA evidence.
Dolphins 'smile' at each other when they play and to avoid misunderstanding, study finds
For humans, flashing a smile is an easy way to avoid misunderstanding. And, according to a new study, bottlenose dolphins may use a similar tactic while playing with each other.
Pit bulls in B.C. pet mauling tested positive for meth, cocaine, says city
Three pit bulls involved in a deadly attack on another dog last month in Kamloops, B.C., tested positive for methamphetamine and cocaine, and the city is going to court to have them put down.
Tax rebate: Canadians with low to modest incomes to receive payment on Friday
Canadians who are eligible for a GST/HST tax credit can expect their final payment of the year on Friday.