On November 8, York Region District School Board experienced a cyber incident resulting in a network outage. The vast majority of school-related systems were restored quickly and classroom education continued without much disruption.
Since the outset, the Board has worked with third party legal and technology experts to ensure an appropriate and effective response. We have also engaged law enforcement.
Regrettably, we have now confirmed that data was taken by those who compromised our network. It will take time to analyze the data and determine who is affected and how. The current analysis indicates that the greatest potential risk of exposure is to a limited number of our current employees. While students and parents may also be affected, their potential exposure is limited. The school based online payment system “SchoolCash Online,” Edsby, Teach Assist and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure.
We understand that you want to know whether you are affected by this incident. We are analyzing data, however this process is time consuming. We will notify families directly if we identify a potential risk. In the interim, we will continue to be transparent with the public as we work through our recovery process.
This webpage will continue to be updated with frequently asked questions for members of the public.
We appreciate that this news is concerning and we regret this has occurred. We are committed to learning from this incident and making improvements to our network security that will best protect our students and families.
Frequently Asked Questions
As previously communicated, on November 8, the Board experienced a cyber incident that affected IT products and services. Those services have been restored and the Board continues normal operations. The Board is continuing to work with third party experts to investigate.
The Board’s IT team in partnership with cybersecurity experts are working diligently to address the incident. This includes implementing enhanced security measures and collaborating with law enforcement agencies. We are taking this matter very seriously.
The Board has been working with third party experts and law enforcement. The IT Team has been conducting appropriate due diligence to determine what has occurred and appropriate steps, including timing for communication.
Regrettably, we have now confirmed that data was taken by those who compromised our network. It will take time to analyze the data and determine who is affected and how. The current analysis indicates that the greatest potential risk of exposure is to a limited number of our current employees. The school based online payment system “SchoolCash Online”,” Edsby, Teach Assist and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure. While students and parents may also be affected, their potential exposure is limited. Based on the results of our analysis, we will notify individuals as appropriate and as required by law.
We are working with legal and technical experts to identify the cause of the incident. Once identified, we will continue to take steps to reduce the potential risk of similar incidents in the future. We are also conducting ongoing cybersecurity training for employees to enhance awareness and vigilance.
The greatest potential risk of exposure is to a limited number of our current employees, and we don’t collect information about students that is typically used to commit identity fraud. The school based online payment system “SchoolCash Online,” Edsby, Teach Assist ” and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure. We are working to identify affected students and family members and will notify those who are at potential risk.
We understand the importance of timely communication. We will provide updates as soon as new information becomes available. Our priority is to keep you informed and address your concerns during this process.
Yes. The IPC was notified on November 10 that we experienced a cyber incident. On December 13, an update was provided to the IPC.
The greatest potential risk of exposure is to a limited number of our current employees and we don’t collect information about students that is typically used to commit identity fraud. The school based online payment system “SchoolCash Online”,” Edsby, Teach Assist and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure. While students and parents may also be affected, their potential exposure is limited. It will take time to analyze the data and determine who is affected and how. Based on the results of our analysis, we will notify individuals as appropriate and as required by law.
The greatest potential risk of exposure is to a limited number of our current employees, and we don’t collect information about students that is typically used to commit identity fraud. The school based online payment system “SchoolCash Online” and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure. While students and parents may also be affected, their potential exposure is limited. We will use our existing contact information to provide individual notifications.
The greatest potential risk of exposure is to a limited number of our current employees, and we don’t collect information about students that is typically used to commit identity fraud. The school based online payment system “SchoolCash Online”,” Edsby, Teach Assist and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure. While students and parents may also be affected, their potential exposure is limited. We will use our existing contact information to provide individual notifications.
We have no evidence of any misuse of information at this time.
The school based online payment system “SchoolCash Online”,” Edsby, Teach Assist and student information systems were not affected by this incident and data collected and stored in those systems continues to be secure.