WRDSB retirees say they felt left in the dark after data compromised in cyberattack
This is part two of a two-part series. For a timeline of cyberattack and the wide-ranging impacts it had on Waterloo Region District School Board (WRDSB) operations, read part one here.
In the wake of a cyberattack at the Waterloo Region District School Board (WRDSB) this past summer, some of the people impacted are raising questions about how it was handled.
The data accessed by hackers included details about employees dating back to 1970.
But some of those former employees say getting information about what happened, along with their risks, was difficult.
“We had one or two members almost in tears once they found out on the phone because they're concerned their life savings could be at risk, or they're maybe not in a great financial situation to begin with,” retired Kitchener teacher John Ryrie said.
Ryrie, part of a group of about 200 active retired members, says they largely learned of their risks through the media, leaving them with more questions than answers.
“The information from the board came in dribs and drabs and we were having some difficulty getting a complete picture,” he said.
The board says there was no way to ensure they had up to date contact information for former employees.
“We reached out to media outlets and utilized those media outlets to help us support reaching out,” WRDSB associate director Graham Shantz said. “And through the experts we worked with in this, that is a common approach that is used in situations like this.”
Retired Kitchener teacher John Ryrie says in the months after the cyberattack, retirees' main source of information about what happened was the media. (CTV Kitchener/Krista Simpson)
Ryrie says he realizes contacting all former employees is next to impossible, but he still wishes there had been clearer messages from the board.
He says knowing more specifics about what was accessed would have eliminated a lot of stress.
“For example, once I found out credit cards weren't part of the background, I felt some relief,” he explained.
Ryrie adds he was willing to change his bank account information in the aftermath of the attack, but didn’t have enough information to know whether that was necessary.
“That’s the kind of specific information you could deal with if you knew what they had access to or not had access to. And so we go back to exactly what were they able to find out about my history as an employee with the board? And that would have been helpful to have that right up front early, so everybody would know, and they could all go to their banks or their credit unions and do whatever they needed to do to put in further protection,” Ryrie says.
An internal memo announcing the security incident to system leaders at WRDSB reflects the board’s concern that hackers could use media coverage against it or obtain contradictory information from personal post or emails.
The memo includes a statement leaders were instructed to use if asked about the hack by staff, students and families. It reads: “I am aware that the WRDSB has been the victim of a cyber incident and that staff in collaboration with experts are working to resolve the issue and safeguard staff and student information.”
EXPERT ADVOCATES FOR TRANSPARENCY
David Jao, a University of Waterloo professor and member of the Cybersecurity and Privacy Institute, says he believes more transparency was warranted in this case.
“The way to respond correctly, I think, is not to try to hide and minimize yourself as a target,” Jao said.
The initial notification of the security incident, sent to families on July 20, stated, “We know you will have questions or concerns, but we ask that you be patient and hold off contacting us. Once we have more information to share we will make it available to you.”
Jao says most organizations should be as transparent as possible in the aftermath of a cyberattack, and feels the school board should have provided more information on what had happened and how it was being addressed.
“There's certainly, I think, more information that could be provided, and probably should just in the name of good governance. The school board is a public organization, they are a steward of public money. The taxpayers – not just the affected people – but the community as a whole has a right to know what is going on and what you’re doing.”
WRDSB associate director Graham Shantz speaks to CTV News Kitchener. (Dan Lauckner/CTV News)
BOARD SAYS IT'S MAKING CHANGES
Ryrie says it wasn't until several months after the hack that members of the group eventually met with Graham Shantz at the board to get more details and share their concerns, including why former employee information was being kept for so long.
“Part of our concern is that we’re not sure why the board would need to keep that information for 52 years. What I think happened is it was just stored and everybody forgot about it because there was no concern. Well now there is a concern,” Ryrie said.
Shantz says the board is now reevaluating its information retention schedules for former employees.
It's one of a number of changes administrators are considering or already implementing.
“We've made enhancements to our infrastructure, even though we felt we had a very good defensive posture leading up to this incident, there were things that we learned through it and given us the opportunity to improve that infrastructure,” Shantz said.
Shantz says other measures taken include more training for students and staff on how cyber incidents can occur and be prevented in the future.
Retired employees were given one year of free credit monitoring from the board, but Ryrie says some are concerned that’s not enough.
Their group has looked into arranging their own monitoring in the future.
“We're trying to find protections wherever we can in order that our members' financial information is safe,” he said.
The school board says it’s looking at whether the year of free credit monitoring they arranged should be extended beyond this summer, although it says it’s not aware of anyone’s data being improperly used at this point.
CTVNews.ca Top Stories
Inflation is down, wages are up. Why are Canadians still frustrated with the economy?
The federal finance minister has been taking every opportunity to remind frustrated Canadians that after a bumpy pandemic recovery, the nation's economy is actually doing a lot better.
B.C. port employers launch lockout at terminals in labour dispute with workers
Employers at British Columbia ports say they are going ahead with locking out more than 700 foremen across the province after strike activities from union members began.
'Be ready for both': Canadians prepare for any outcome as Americans head to the polls
Millions of Americans are heading to the polls Tuesday as a chaotic presidential campaign reaches its peak in a deeply divided United States, where voters in only a handful of battleground states will choose the country’s path forward.
Boeing factory strike ends as workers vote to accept contract
Factory workers at Boeing voted to accept a contract offer and end their strike after more than seven weeks, clearing the way for the aerospace giant to resume production of its bestselling airliner and generate much-needed cash.
Months after VRBO booking, Taylor Swift fan told home 'not available' during Vancouver concert
A frustrated Taylor Swift fan is speaking out after being pushed from a short-term rental she booked for the upcoming Vancouver leg of the superstar’s Eras Tour.
Trudeau and Harris? Poilievre and Trump? Here's who Canadians think would work best with: survey
As Americans prepare to elect their next president on Tuesday, new data from the Angus Reid Institute suggests Canadians hold differing views as to which federal party leaders would be best suited to deal with either Donald Trump or Kamala Harris.
Felonies, assassination attempts and a last-minute change on the ticket leads voters to Tuesday's U.S. election
A campaign that has careened through a felony trial, incumbent being pushed off the ticket and assassination attempts comes down to Election Day on Tuesday.
UN refugee chief says reducing refugee targets is wise if it prevents backlash
The head of the United Nations refugee agency says it is wise of Canada to scale back the number of new refugees it plans to resettle if that helps stabilize the housing market and prevents backlash against newcomers.
Canada Post, union, still disagree over weekend delivery following weekend talks
Canada Post and the union representing its workers are commenting on how weekend talks for a new contract went, with the employer calling them less productive than they'd hoped and the union claiming their employer is focused on flexibility to deliver parcels at the lowest possible cost.