Rhysida ransomware group claims breach Pembina Trails School Division
Learn More
Pembina Trails School Division, which serves over 35 schools, has confirmed a ransomware attack that was initially detected on December 2, 2024. The Rhysida ransomware group has claimed responsibility for the attack on January 31, 2025.
The immediate impact of the attack included network system interruptions, offline phone systems, temporary payroll system outages and various IT system disruptions.
Rhe attackers have posted sensitive data on the dark web, including passport images containing personal information such as photographs, names, gender, and place of birth. The cybercriminals are demanding 15 BTC (Bitcoin) for the stolen data, with a 6-day time limit for payment.
The compromised data includes records of students who attended the division's schools between 2014 and December 2, 2024. Initially the division claimed there were no indications of exposed personal information. In a January 23 update, they confirmed that unauthorized third parties had accessed:
- Student information
- Payroll data
- Staff personal information
- Passport information
The number of affected individuals has not been disclosed.
The schools are open and classes are running. No other statements are available from the division.
Update - as of 12th of April 2025, according to VenariX, a Texas-based cybersecurity company that investigated the incident, the Rhysida hacking did not find buyers when they attempted to sell the stolen 5.4 terabytes of data for 15 bitcoins (approximately $1.6 million). After that, the group uploaded nearly one million files to the dark web, making the sensitive information publicly accessible.
The school division confirmed that the hackers demanded a ransom, which was not paid. In response to the breach, Pembina Trails School Division is offering three years of credit monitoring services at no cost to current and former staff. The number of affected individuals is still not disclosed.
