In an email to parents Monday afternoon, the South East Cornerstone Public School Division provided an update to the cybersecurity incident originally reported on February 8th of this year. The incident prompted a thorough review of the compromised systems and the data that was breached and also initiated the implementation of new security measures.
The breach in February involved an unauthorized third party infiltrating SECPSD's network. While swift action was taken to terminate the intrusion, it was not without consequences. The unauthorized party managed to copy a portion of SECPSD's data to an external cloud storage service. The immediate response included the activation of countermeasures to prevent further unauthorized access, the engagement of third-party cybersecurity experts to contain and investigate the breach, and the involvement of law enforcement agencies.
Subsequently, the cloud storage service provider associated with the breach was notified and the accounts linked to the incident were permanently suspended. A comprehensive forensic investigation followed, led by two prominent forensic investigators. However, the investigation failed to produce sufficient evidence to pinpoint the exact files and information that had been compromised. Despite this setback, SECPSD embarked on a meticulous review of accessed systems and potential source directories, eventually identifying certain student-related data.
The suspected compromised data encompassed various student-related details, including names, dates of birth, addresses, contact numbers, school email addresses, genders, health card numbers, allergy information, and school-related data such as student numbers, achievements, and grades. Additionally, parents and guardians had their names and email addresses identified within the scope of the breach.
Amidst the uncertainty surrounding the extent of the data breach's impact, SECPSD took a proactive stance. The school division promptly notified parents and guardians of the incident, emphasizing the importance of precautionary measures. The provided recommendations aim to minimize the risks of identity theft and fraud. These measures include exercising caution when contacted by anyone claiming to represent SECPSD, avoiding unsolicited requests for personal information, monitoring financial and credit accounts for unauthorized transactions, and remaining vigilant against phishing and spoofing attempts.
In response to Canada's Online News Act and Meta (Facebook and Instagram) removing access to local news from their platforms, DiscoverEstevan encourages you to get your news directly from your trusted source by bookmarking this page and downloading the DiscoverEstevan app.