Lockbit gang claims the attack on the Toronto District School Board (TDSB)
September 02, 2024
The Toronto District School Board (TDSB) confirmed that student information was compromised in the June Lockbit ransomware attack.
The Toronto District School Board (TDSB) confirmed that students’ information was compromised following a ransomware attack that was discovered in June.
The TDSB is the largest school board in Canada with 582 schools and about 235,000 students. In June, the organization informed parents that unauthorized activity was detected in a test system used by their technology department. This test environment is separate from the board’s official networks. In response, the TDSB’s cybersecurity team quickly acted to secure data and protect critical systems.
Exposed student information could include name, school name, grade, TDSB email address, TDSB student number and day/month of birth.
“At that time, TDSB became aware that an unauthorized third party gained access to TDSB’s technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems.” reads the update published by TDSB. “We have now confirmed that the testing environment contained 2023/2024 student information that could include name, school name, grade, TDSB email address, TDSB student number and day/month of birth.”
The Toronto District School Board (TDSB) assured parents that the risk to students from the security breach is low. TDSB confirmed that is not aware of public disclosure of student data on clear and dark web. The TDSB took immediate actions, such as isolating and securing affected systems, disconnecting the test environment, enhancing security measures, and notifying law enforcement. The organization reported the incident to the Office of the Information and Privacy Commissioner of Ontario.
The researchersì Dominic Alvieri reported that the Lockbit gang claimed responsibility for the ransomware attack on Toronto District School Board and threatened to leak the stolen data if the organization will not pay the ransom within 2 weeks. However, the notorious ransomware group claimed tens of other attacks against other organizations, but some of the announcements published by the group appear to be full of errors or related to past data breaches announced by other ransomware gangs.
At the end of July, two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.. The group targeted individuals, businesses, hospitals, schools, and government agencies. The group extracted approximately $500 million in ransom payments, causing billions in broader losses.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)