Internal memos reveal wide-ranging impacts of WRDSB cyberattack
Nine months after a cyberattack at the Waterloo Regional District School Board (WRDSB), we’re learning more about what was impacted and how the breach was handled.
On Wednesday, the board’s associate director sat down with CTV News in an exclusive interview, speaking about the incident and its aftermath for the first time.
Memos obtained through a Freedom of Information Request also shed more light on the scope of the attack.
CTV News put in a request for all emails, memos and internal communication about last summer’s cyber attack.
More than 1,000 pages were identified, but ultimately the board only released 38, citing privacy and solicitor-client privilege as reasons for withholding the rest.
The series of internal memos that CTV News did receive reveal just how widespread the issues were.
SYSTEMS BREACHED
On July 10, 2022, WRDSB learned it was the victim of what the board has described as a “cyber incident” or “cyber intrusion.”
“As soon as we discovered that there had been criminal activity within our network, we immediately prevented access to our network and it was within the same day that we brought in the expert third parties to support us in our processes,” WRDSB associate director Graham Shantz said.
While Shantz is not specifically naming which companies or experts were brought in to help, he says they are industry-leading experts in their field that have supported many public institutions in similar situations.
WRDSB associate director Graham Shantz speaks to CTV News Kitchener. (Dan Lauckner/CTV News)
CONCERNS ABOUT MESSAGING
Through the freedom of information request, CTV News obtained a memo sent on July 20, 2022, to system leaders at WRDSB. It indicates that all staff would be notified that day of the incident, and that they would be told in part, “We have confirmed that data was stolen, and we are working to determine the exact content of that data.”
System leaders were also provided with a statement they should use to respond to inquiries from staff, students and families, which was: “I am aware that the WRDSB has been the victim of a cyber incident and that staff in collaboration with experts are working to resolve the issue and safeguard staff and student information.”
The memo raises concerns that the messaging must be consistent “to ensure the hackers do not use media coverage against us or do not obtain contradictory information from personal posts or emails,” going on to indicate legal counsel has helped craft the statements.
The same day a memo was sent to students and their families, informing them of the incident, and stating in part, "While we believe that any risk to our students' sensitive information is low, it was important to us to make you aware of this incident."
Shantz says their investigation ultimately revealed the hackers had accessed one of the board’s networks that contained staff and student personal data.
DID WRDSB PAY A RANSOM?
On Aug. 12, the board revealed personal information of employees dating back to 1970 as well as some student information had been taken.
At the same time, the board said it had: “recovered the data, and we have received assurance that any data taken as part of the cyber intrusion has been deleted."
The board will not comment on whether they paid a ransom.
But experts say it’s something most organizations in this position end up doing.
“I'll put it this way, if a ransom had not been paid, I think the school board would be able to just say that it hasn't been paid,” said David Jao, a University of Waterloo professor and member of the Cybersecurity and Privacy Institute.
HACK IMPACTS OPERATIONS FROM PAYROLL TO PRINTERS
Starting at the end of July, the board offered staff a year of credit monitoring.
“At this point, we have no indication that there has been any use of any data that was impacted,” Shantz said.
The incident created a number of other challenges as well.
A memo sent to staff on Aug. 17 outlines how many systems required workarounds – including incident reporting, new employee training, and security card systems.
There were also challenges programming building HVAC systems and payroll issues.
A further memo on Aug. 31 says some annual salary updates couldn't be processed and would have to be applied retroactively.
The help desk, email setup for new staff, password resets and even network printers at secondary schools were also inaccessible, among other things.
“Since day one of the incident in July, our priority was opening our doors in September to families and to students -- and I have to pass on a huge thank you to our staff who did a very outstanding job. There was a variety of approaches that were used to ensure that all our regulatory obligations were met and that we could safely open our doors in September,” Shantz said.
Shantz says operations were largely back to normal by late fall or early winter.
STUDENT INFORMATION ALSO TAKEN
At the end of September, the board announced that data for 70,000 students enrolled between 2006 and 2013 was among the information taken.
It said that information may have included names, birthdates, genders, whether the student had an individualized education plan, Ontario education numbers and historical education information.
Students of age were offered credit monitoring and the board says some took it, while adding it was believed the risk was low.
It’s an assessment experts agree with, saying the most sensitive piece of information is likely the date of birth.
“What a date of birth means is that it's one more piece of information that a potential bad actor can use to try to do things to you. By itself it's not going to be enough, it has to be combined with other things,” Jao said.
QUESTIONS REMAIN
What remains unclear is how criminals accessed the board’s network in the first place.
“At this time, working with our forensic experts, they weren't able to definitively define what the access point was,” Shantz said.
Waterloo regional police also continue to investigate the cyberattack.
This is part one of a two part series. On Friday, CTV News will look at some of the questions raised around how the board handled the situation and changes that have been made in the months since it happened.
CTVNews.ca Top Stories
'No one has $70,000 dollars lying around': Toronto condo owners facing massive special assessment
The owners of a North York condominium say they are facing a $70,000 special assessment to fix their building's parking garage. '$70,000 is a lot of money. It makes me very nervous and stressed out of nowhere for this huge debt to come in,' said Ligeng Guo.
Police ID mom, daughter killed in Old Montreal; video shows person break into building before fatal fire
Police released the identities of the mother and daughter who were killed after a fire tore through a 160-year-old building in Old Montreal on Friday.
Tropical Storm Milton forms in Gulf of Mexico, could intensify as a hurricane threatening Florida
Tropical Storm Milton has formed in the Gulf of Mexico. It is located 220 miles (355 kilometres) north-northeast of Veracruz, Mexico.
'I screamed in shock and horror': Family faces deadly Vancouver hit-and-run driver during sentencing
The sentencing of the man who pleaded guilty in the deadly hit-and-run in Kitsilano two years ago began on Friday.
Inter Miami star Lionel Messi draws a crowd for arrival at Toronto's BMO Field
Argentine star Lionel Messi was on the bench to start Inter Miami CF's game in Toronto on Saturday.
Frequent drinking of fizzy beverages and fruit juice are linked to an increased risk of stroke: research
New data raises questions about the drinks people consume and the potential risks associated with them, according to researchers at Galway University in Ireland, in partnership with Hamilton’s McMaster University.
Northwestern Ont. woman charged with arson with disregard for human life
A 30-year-old northwestern Ontario woman has been charged with arson following a structure fire Thursday night, police say.
Looking for cheap flights for the holidays? Here are some tips to remember
Travelling on a budget can be stressful, but there are ways you can ensure you're getting the best deal on flights as the holiday season approaches.
A French judge in a shocking rape case allows the public to see some of the video evidence
A French judge in the trial of dozens of men accused of raping an unconscious woman whose now former husband had repeatedly drugged her so that he and others could assault her decided on Friday to allow the public to see some of the video recordings of the alleged rapes.