August 12th, 2022
In July of 2022, the Waterloo Region District School Board became aware of unauthorized access to our IT system. We immediately retained cyber forensic experts to conduct a comprehensive investigation. This investigation has now confirmed that personal information of our current and past employees was accessed. We can also confirm that certain student information was also accessed.
We have recovered the data, and we have received assurance that any data taken as part of the cyber intrusion has been deleted.
The following information was accessed:
Category 1 – Past and Current Employees
The attackers unlawfully accessed a restricted network drive that contained sensitive personal information related to payroll and benefits administration. These files included the names, birthdates, banking information, and social insurance numbers of all current and past employees dating back to 1970. The payment history for employees dating back to 2012 was also included.
Category 2 – Student Information Database
We have confirmed that certain student information was accessed. We are still actively investigating the full scope of the impact on student information, and we will be providing an update once we know more.
If further analysis finds anyone whose personal information was impacted but it does not fall into the categories above, WRDSB will then contact those individuals directly.
“This cyber intrusion disrupted our operations, and WRDSB responded immediately by engaging cyber security experts and prioritizing a full return of our operational functions. It has been difficult, especially for staff both those waiting on payments and records of employment and those who were working on resolving this issue,” said Eusis Dougan-McKenzie, Chief Communications Officer, WRDSB. “We appreciate your patience as we conducted this detailed investigation”.
Going forward, we are taking a number of additional measures to strengthen our systems. Working in collaboration with our internal IT team and external IT experts, we are continuing to invest in leading technologies to protect our systems and data from ever-growing cybersecurity threats.
The Information and Privacy Commissioner of Ontario (IPC) has been notified of the incident. To file a complaint, please visit: https://www.ipc.on.ca/resources/forms/.
Again, WRDSB wishes to emphasize that we are treating this matter with the utmost concern and apologize for any inconvenience this incident may have caused.