Sask. school division asked to monitor 'dark web' for student, staff information after security breach

CBC

13 February 2024 at 5:09 pm·5-min read

The South East Cornerstone Public School Division in southeast Saskatchewan said as many as 20,000 people could have had their information stolen during a security breach in February 2023. (David Donnelly/CBC - image credit)

A Saskatchewan school division is being asked to monitor the dark web for current and former staff and students' personal information after a security breach.

The South East Cornerstone Public School Division No. 209 estimated that as many as 20,000 people were affected by a breach to three of its IT systems on Feb. 8, 2023, according to an investigation report from the office of the Saskatchewan information and privacy commissioner. The breach was reported to the office last August, the report says.

It says an unauthorized user was found to have moved data from eight "archive files" to a third-party cloud storage provider, later noting that "unless a separate copy was taken, it is possible that the third party behind this incident lost access to the data as soon as the accounts were suspended."

In an email Tuesday, the school division said third-party cyber experts were unable to confirm which information was taken, if any.

It said the social insurance numbers and banking information of some of its employees could have been stolen, along with the names and contact details of former and current employees, students and parents. The records in question dated back to February 2010 for staff and September 1997 for students.

The privacy commission report also said the health card numbers, ages, gender and student numbers of parents and students could have been stolen.

Read the privacy commission report here:

Natalia Stakhanova, a University of Saskatchewan computer science associate professor and Canada Research Chair in security and privacy, called the amount of information potentially leaked "astonishing."

"The impact of this lost or stolen information could be lifelong for a person," she said.

"It's sort of in the hands of these individuals that might or might not use this data, and you don't even know when they might decide to use this data, and how."

In an email, the school division said a third-party vendor that specializes in cyber security has been monitoring the so-called "dark web" on behalf of the school division and has not found any stolen information so far.

Stakhanova described the dark web as an unregulated space with a combination of forums where criminals can buy and sell things like goods, information or services.

She said monitoring the dark web means going to specific forums where that type of information is typically sold, and scanning the conversations and posts.

A social insurance number could be used to open a bank account, apply for credit cards or a mortgage, among other actions, she said. It's stressful for those people at risk, she added.

Canada's policy is not to issue someone a new social insurance number without proof the existing one was used fraudulently.

"The person who receives a new [SIN] is still responsible for everything that happens with the old SIN," Stakhanova said.

In a post to the school division page in August, director of education Keith Keating wrote that South East Cornerstone had been unable to figure out what data had been copied. He outlined information that could have been stolen:

People enrolled in Assiniboia Park Elementary School, Souris Elementary School, Haig Elementary School and Weyburn Junior High School from 1997 to 2008:
- Name, address, student ID number, date of birth, grade and treaty number may have been impacted.
People enrolled in all South East Cornerstone Public School Division schools from 2004 to 2022:
- Name, marks and classes enrolled in may have been impacted.
People enrolled in the division's schools in 2011 born outside of Canada:
- Country of birth and first language.
People enrolled in the division's schools from 2012 to 2022:
- Name, address, phone number, learning ID or student ID, date of birth, gender, grade, name and email address of parent or guardian and aboriginal status may have been impacted.
Parents or guardians of students enrolled in the division's schools from 2013 to 2022:
- Name, phone number and email address may have been impacted.
People enrolled in the division's schools from 2018 to 2021:
- Health card number may have been impacted.

Keating also wrote that the school division had been scanning the dark web and had not found evidence that the data had been published.

He also said the school had implemented enhanced security measures to prevent a similar incident from happening again.

The school division is based in Weyburn, but includes 35 schools as far north as Rocanville, west to Ogema, south to Bienfait and east to Maryfield.

Commissioner recommends division scan dark web for 5 years

Saskatchewan's privacy commissioner, Ronald Kruzeniski, wrote in his report that the school division said credentials for an employee on a leave of absence for nearly a year were compromised, though it does not know how. The school told Kruzeniski the credentials remained active because the employee needed access to the system to coach basketball.

Kruzeniski told CBC the school division did well containing the breach, investigating it and notifying those it affected — but laid out some recommendations, including developing a policy about staff access to systems while on leave.

Recommendations included policy changes to network access, information retention and password policies, but also a long-term recommendation to monitor the dark web for five years after the breach.

Kruzeniski said the information could be "sat on for six months or a year or possibly longer."

"You just never know when the information might get released."

Ronald Kruzeniski, Information and Privacy Commissioner for the Province of Saskatchewan, delivered his annual report on Wednesday.

Ronald Kruzeniski, Saskatchewan's information and privacy commissioner. (Kendall Latimer/CBC)

There's no magic formula to the five-year recommendation, he said, but it has become a standard and seems more reasonable than 10 years.

Stakhanova said five years isn't enough time.

"There have been numerous cases where the information from the data breaches was not used immediately but was actually leveraged by attackers later on," she said, referencing the 2012 LinkedIn cyberattack.

Lancashire Telegraph
Jay Slater ‘took person's £12K Rolex’ watch and left rental property ‘feeling scared’
Mark Williams-Thomas, a former police officer, has provided an update after speaking with family, friends, and witnesses.
OK! Magazine
This Morning fans all say the same thing over Britain's most-tattooed woman as she joins show in bikini
Britain's 'most tattoed mum' made an appearance on This Morning in nothing but a white bikini to show off all of her tattoos, but fans all say 'it's her choice'
OK! Magazine
Corrie's 'Curly' Watts unrecognisable as he lands new role 20 years after soap exit
Kevin Kennedy is most recognised for his role as Norman "Curly" Watts on Coronation Street, but now, the actor is preparing to make his return to the stage in an entirely new role
The Guardian
Female tennis stars push boundaries with outfits at Wimbledon
Coco Gauff wears a Serena Williams-style dress while Naomi Osaka’s ruffles divide fans
The Telegraph
Father of missing Jay Slater questions why two men took the teenager to their cottage
Jay Slater’s father has questioned why two grown men took his son to a remote cottage in Tenerife before he disappeared.
The Telegraph
Starmer’s worst blunder should disqualify him as prime minister
The single biggest thing that happened over the last Parliament was the Covid crisis. It had an immeasurable impact on our economy and society. And Labour’s record in that period, especially during 2021, was appalling. Indeed it was sufficiently bad that at the time many people said Starmer’s errors ruled him out of any possible future as Prime Minister.
The Daily Beast
Daughter, Zara Tindall, ‘Shaken to the Core’ by Princess Anne’s Amnesia
Zara Tindall has been left “shaken to the core” by her mother Princess Anne’s mystery encounter with a horse which left her with a brain injury that has resulted in amnesia, according to a report.OK! Magazine says that Zara, 43, has been left freaked out by the incident which saw Anne, 73, also known as The Princess Royal, struck by a horse while she was out walking, alone, on Sunday, June 23, at her home, Gatcombe Park, in the Cotswolds.She was treated at the scene and then hospitalized for fiv
OK! Magazine
Ruth Langsford 'sends love' in touching message after heartbreaking loss
Ruth Langsford sent supportive words to her former Strictly Come Dancing co-star Gemma Atkinson after learning of her heartbreaking news
OK! Magazine
Prince Harry 'one of the most unpopular figures in the US' amid fresh controversy
A royal commentator has claimed that the Duke and Duchess of Sussex are "two of the most unpopular figures in the US" after Prince Harry's latest award received backlash
Hello!
Davina McCall turns heads with daring photo in racy string bikini
Davina McCall isn't shy of strutting her stuff in a fabulous bikini. See her latest swimwear display.
HuffPost
New Poll Finds 1 Democrat Absolutely Trouncing Trump
Just one problem: This person doesn't seem interested in running, should the opportunity arise.
Manchester Evening News
Intelligence trail leads cops to suspicious minibus travelling back from Glastonbury on the M56
Four people are in custody
Manchester Evening News
GP says four signs in feet mean 'see a doctor'
Early clues of a potential issue can often be found in our feet
OK! Magazine
Unlikely couple could move into Prince Andrew's Royal Lodge home in Windsor
As King Charles is reportedly urging his brother Prince Andrew to downsize his home from the Royal Lodge in Windsor to Frogmore Cottage, there are a few names being suggested as new residents
OK! Magazine
'Reason' wedge between Kate Middleton and Prince Harry has become 'even larger'
Princess Kate and Prince Harry were once incredibly close, with Harry even describing his sister-in-law as "the sister I never had, but always wanted"
Isle of Wight County Press
WATCH Shocking video shown in court of pensioner just missing cars head on
VIDEO Isle of Wight man aged 75 who drove a Citroen C3 dangerously appeared before magistrates.
News Shopper
Watch the horrible moment elderly man is pickpocketed on south east London bus
Organised crime groups are targeting vulnerable people visiting banks, police say. One incident was on a south east London bus.
Futurism
Researchers Make Breakthrough in Study of Mysterious 2000-Year-Old Computer Found in Shipwreck
Researchers say they have used cutting-edge gravitational wave research to shed new light on a nearly 2,000-year-old mystery. In 1901, researchers discovered the Antikythera mechanism in a sunken shipwreck, an ancient artifact that dates back to the second century BC. Well over a century later, researchers at the University of Glasgow say they have used […]
The Telegraph
Labour’s possible new job for Harriet Harman couldn’t be more alarming
Women’s rights have figured far more prominently in this election campaign than Labour would have liked. Now, in what should cause considerable alarm, the issue seems to be gathering momentum, with rumours swirling that Harriet Harman, who is retiring as an MP, is set to be appointed as the new chair of the Equality and Human Rights Commission (EHRC).
Manchester Evening News
Urgent recall on blood pressure medication over cardiac arrest fears
Over 100 batches of faulty medication are being recalled as it could result in hyperkalemia, irregular heartbeats and even cardiac arrest

Latest stories