Rainbow District School Board reports data breach

The Rainbow District School Board in Ontario, Canada has confirmed a data breach following a cyber incident discovered on February 7, 2025. The investigation confirmed that sensitive data was stolen, affecting current and former employees, students, parents, and guardians spanning over a decade of records.

The exposed data includes: 

Employee records from January 2010 to February 2025:

• Social Insurance Numbers (SIN), 
• bank account numbers, 
• police background checks, 
• various medical information including doctors' notes and leaves of absence documentation
• home addresses 
• phone numbers 

Student records from from 2011 to 2025, encompassing current students, graduates from June 2012 to June 2024, and participants in the ISP program since 2019.

• dates of birth, 
• home addresses, 
• parent/guardian contact details, 
• academic records, 
• medical information including provider identities, diagnoses, health card numbers, and SIN numbers.
• school photos from the 2012-2013 through 2024-2025 academic years

The nature of the attack and number of affected individuals is not disclosed.

The school board has reported the incident to both the Greater Sudbury Police Service and the Ontario Provincial Police, and notified the Information and Privacy Commissioner of Ontario (IPC).

The board is providing a two-year TransUnion credit monitoring service at no cost to all current and former staff whose personal information was compromised. This service is also being extended to affected scholarship recipients who have reached the age of majority and had their social insurance numbers exposed.

Update - as of 1st of March 2025, Rainbow District School Board has issued an update regarding the cyber incident. According to the board's statement, the sensitive data that was acquired by unauthorized individuals during the breach "was deleted and has not been shared." It seems the board decided to pay the ransom, but that doesn't mean the data won't surface at a later date.