Alberta schools among hundreds across North America hit by cyberattack

Classrooms in Alberta have been hit by a data breach that has affected schools across Canada.

Parents and caregivers across the province received advisories Wednesday, informing them of a breach involving PowerSchool, an application used to store a range of student information.

School officials in Alberta, and others in Ontario, Nova Scotia, PEI and Newfoundland and Labrador, are working with PowerSchool to determine the extent of the breach.

PowerSchool, a U.S.-based provider of cloud software, said in a statement it has taken "all appropriate steps" to prevent further unauthorized access or misuse of the affected data. It confirmed that financial data was not stored in the compromised systems. 

'Reasonable assurances'

Red Deer Public Schools, which serves students in the central Alberta city, was caught up in the cyberattack. Ron Eberts, associate superintendent for technology and information services, said the division was told that PowerSchool paid a ransom to "bad actors" to have the compromised student data deleted.

"There was reasonable assurances that the data was deleted," Eberts said in an interview. "So we feel confident that there is nothing, that there were no leaks to the dark web or otherwise for our student data." 

Eberts said the ransomware attack relied on compromised accounts to gain access to school systems and quickly extract information.

"They obviously had done a lot of work ahead of time because they created a script that used this account to log into the system, extract a student CSV (comma-separated values) file, extract a teacher CSV file, log out and then go on to the next school division."

Watch | How Alberta school districts are handling the data breach

How some Edmonton school districts are dealing with the aftermath of a cyber attack

11 hours ago

Duration 1:47

Some Edmonton and northern Alberta school divisions who use PowerSchool have been advised their data is part of a cyber security breach. As Travis McEwan reports, some school divisions are conducting their own investigations.

Eberts said school officials have since worked closely with the company to ensure their accounts are secure.

"It was very troublesome," he said. "But we we are very confident that the data of our teachers and our students is safe and our school has done a good job, I believe, of ensuring this won't happen in the future."

Edmonton Catholic Schools, also compromised, posted a letter online that it received from PowerSchool.

"Our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System customer data using a compromised credential, and we regret to inform you that your data was accessed," the letter said.

In an email sent to parents Wednesday, officials with St. Albert Public Schools said the division was among hundreds across North America dealing with the breach.

The letter informed parents that student information, including names, birthdates, addresses and phone numbers had been compromised. The division said its IT team was investigating the breach and had taken steps to mitigate any further risk to student data.

Similar notices were issued Thursday by Conseil scolaire FrancoSud and Conseil scolaire Centre-Nord, which serve francophone students across Alberta.

Rocky View Schools, which serves students surrounding Calgary, said a breach of its systems occurred Dec. 28. Officials said they didn't know the extent of the breach but reassured families that no financial data was stored on the cloud-based system. 

The Calgary Catholic School District confirmed it was not affected by the cyberattack. 

Ontario's Toronto, Peel and Durham district school boards issued similarly worded notices about a "cyber incident" targeting PowerSchool.

The notices say PowerSchool told school boards in Ontario and elsewhere on Tuesday that it had experienced a data breach between Dec. 22 and 28.

The government of Newfoundland and Labrador also issued a notice about the data breach at PowerSchool, which it said is used in the provincial education system from kindergarten to Grade 12. It said "multiple government departments" are involved in determining the next steps.

Incident 'contained' 

PowerSchool said the incident is "contained," and it does not anticipate the data will be shared or made public.

The company said it is providing services to its customers as usual as it continues to investigate.

"We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously," PowerSchool said in its statement.

Chester Wisniewski, a digital security expert and director with Sophos, said such attacks are increasingly common but it is unusual to see so many Canadian institutions targeted in a single breach.

'A tool for extortion'

Wisniewski said the breach was driven by greed.

"They don't care about the information, they are just trying to extort people," he said. 

"Every criminal is different but we've investigated thousands of these over the years and its incredibly unusual for the criminals to use the information in any other way other than [as] a tool for extortion."

He said attacks have become increasingly complex and well-orchestrated, making complete prevention nearly impossible.

"Unfortunately, with the sophistication of attackers today, we've moved to a mantra now of protect, detect and respond, because we know protection is never going to be 100 per cent effective," he said. "We have to detect for when it fails and be ready to respond when it does."