The Toronto District School Board yesterday notified an undisclosed number of students about a June 2024 data breach that compromised names, schools, grades, TDSB email addresses, TDSB student numbers, and dates of birth.
Ransomware gang LockBit claimed responsibility for the attack and gave the district until September 12, 2024 to pay a ransom.
TDSB has not verified LockBit’s claim. We do not yet know how many students were affected, whether TDSB paid a ransom, how much LockBit demanded, or how attackers breached TDSB’s network. Comparitech contacted TDSB for comment and will update this article if it responds.
TDSB first reported a cyber incident on June 12, confirming a ransomware attack on TDSB’s testing environment.
On August 29, the district stated student information was compromised. “We have now confirmed that the testing environment contained 2023/2024 student information that could include name, school name, grade, TDSB email address, TDSB student number and day/month of birth,” the notice reads.
No SIN numbers or financial information was breached, and the notice does not offer victims free credit monitoring or identity theft protection.
Who is LockBit?
LockBit is one of the most prolific ransomware gangs of recent years, first appearing in 2019. The Russia-based group is responsible for hundreds–possibly thousands–of attacks.
In 2024 so far, LockBit claimed 63 confirmed ransomware attacks, affecting more than 8 million records. Of those attacks, 15 were on targets in the education sector.
In 2023, Comparitech researchers logged 217 confirmed LockBit attacks impacting more than 17 million records.
LockBit’s average ransom is $17.4 million, though that figure is skewed by a $200 million ransom demanded from Boeing that went unpaid.
LockBit has claimed 411 unconfirmed ransomware attacks in 2024 so far. The group said it hacked more than 150 targets over the course of a few days in May 2024. It has been quieter in recent months until it added nine new victims to its leak site in the last 24 hours.
Ransomware attacks on education
Aside from data theft, ransomware attacks can disrupt critical operations at schools and universities. Attacks can force schools to cancel classes and lock down computer systems used for everything from grades to payroll.
Comparitech tracked 64 attacks on the global education sector so far in 2024, affecting almost 250,000 records. Those figures are on track for a steep decline from last year, during which we tracked 183 attacks affecting 3.8 million records. The average ransom for schools and universities is $420,000.
Some of the most recent ransomware targets in education include the Université Paris-Saclay (France), Gadsden Independent School District (US), and Universität Koblenz (Germany). No gangs have come forward to claim any of these attacks yet.
Another 83 attack have been claimed but not confirmed so far this year.
About the Toronto District School Board
The TDSB, also known as the Metropolitan Toronto School Board, is Canada’s largest school board and the fourth-largest in all of North America. It administers 472 elementary schools and 110 secondary schools. It serves about 238,000 students and employs 42,000 staff.