On the same day as LockBit ransomware gang claimed attack on the largest district school board in Canada, the Board confirmed that the June attack compromised the personal information of an undisclosed number of students from the 2023/2024 school year.
Initially, the Toronto District School Board (TDSB), Canada’s largest and the fourth largest in North America, said the ransomware attack affected a separate testing environment. However, a subsequent update from last week revealed that student data, including names, school names, grades, email addresses, student numbers, and dates of birth, was also affected.
LockBit’s 13-Day Deadline
While TDSB’s cybersecurity team and external experts assessed the risk to students as “low” and reported no public disclosure of data, the LockBit ransomware gang claimed responsibility same day demanding an undisclosed ransom within two weeks.
AI-powered threat intelligence platform Cyble‘s researchers told The Cyber Express that LockBit did not post any documents – a process commonly followed by ransomware crooks as a proof of compromise. So, these claims could not be verified but, the group has set a deadline of September 12, to leak the compromised data.
In a letter to parents, TDSB defended its response to the attack, highlighting security measures implemented and coordination with law enforcement. The school board also disclosed the data breach in compliance with advice from the Office of the Information and Privacy Commissioner of Ontario.
LockBit’s recent activity follows a law enforcement takedown in February. The group has posted dozens of victims online, many of which experts have identified as erroneous or non-existent. Two Russian nationals pleaded guilty in July to being members of LockBit and extorting money from victims worldwide.
Canadian Shores See a Cyberattacks’ Spree
Canada has been battered by multiple cybersecurity incidents in recent months, with government networks and private entities alike feeling the impact.
On April 28, London Drugs, a prominent retail and pharmacy chain headquartered in B.C., announced the temporary closure of its stores across Western Canada due to a significant cybersecurity breach. The attack was so severe that phone lines were taken offline, and pharmacies could only address “urgent” patient needs on-site.
Coinciding with the London Drugs incident, BC Libraries reported a separate cyberattack where a hacker attempted to extort payment after exfiltrating data from a newly commissioned server, threatening to release the information publicly if demands were not met.
China’s Shadow Looms Large
Although LockBit has claimed responsibility for the attack on the Toronto District School Board, the incident also comes on the heels of an official Canadian inquiry revealing failed attempts by China to interfere in past elections, accusations that Beijing has denied.
The Canadian Security Intelligence Service (CSIS) recently published a report warning of ongoing Chinese cyber-espionage activities targeting Canada’s democratic institutions, economy, and research sectors. The report specifically identified China as a state-based threat conducting widespread cyber espionage across government, academia, private industry, and civil society organizations.
Canada’s democratic integrity and national security remain at risk, with CSIS emphasizing the country’s attractiveness as a target for cyber-enabled espionage and sabotage.