Some parents are calling for the Waterloo Region District School Board (WRDSB) to disclose more details about a data hack that saw what the board describes as “certain” student information accessed.

“My first thought was ‘nobody’s safe,’” said Poonam Gulia, whose daughter is a WRDSB student.

Her daughter, Aashl, attends Lester B. Pearson Public School in Waterloo.

Gulia said the board needs to be more transparent on the matter.

“If they don’t know anything, they don’t have any clue… I don’t feel safe to send my daughter to school,” said Gulia.

On July 20, the school board said it was working to restore its IT system and safeguarding personal information after what it called “cyber incidents.” An internal memo sent to staff the same day revealed data was stolen in the hack that was first brought to the board’s attention a week before.

On Aug. 13, the school board released further details on the breach, saying employee information dating back to 1970, including social insurance numbers, was accessed during the breach.

The board also confirmed it was assessing the full scope of the impact on students’ information.

Despite confirming student information was accessed, the board has not explained what information it was.

The board said it is actively investigating the impact and will provide an update once they know more.

Parent Rachel Detzler, whose daughter is going into Grade 2 at Sir Adam Beck Public School, said the breach has been a concern for safety and left her wondering what information was accessed.

Kaylan Ssenfuma, had a different reaction. She said she knows the board is working really hard to figure out who is behind the data breach and make sure this doesn’t happen again. She said she trusts the board to do what needs to be done.

In a statement posted online on Friday, the board said the attackers accessed a restricted network drive that contained sensitive personal information related to payroll and benefits administration, including names, birthdates, banking information and social insurance numbers of all current and past employees dating back to 1970 and payment history of employees dating back to 2012.

The board also said it's been assured that any data that was stolen has been deleted, and it will be strengthening its security measures going forward.

“[I] just [want] to make sure it won’t happen again… you don’t want that information leaked. It’s private and confidential,” said Detzler.

The Information and Privacy Commissioner of Ontario has been notified. In a statement, the commissioner said it's looking into the incident but won't provide any details.

It said the breach is a reminder that institutions need to continually invest in improvements in their security measures to keep up with evolving risks.