Ottawa’s public school board paid hackers following cyberattack

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

In October, Ottawa’s French public school board says it was the victim of a network security breach and it paid the hackers a ransom to secure the stolen data.

In a statement on its website, the Conseil des écoles publiques de l’Est de l’Ontario (CEPEO) said it was notified of the cyberattack on Oct. 18.

Even though the network was secured later that day, but officials learned hackers had stolen approximately 75 gigabytes worth of data about employees, students, and parents dating back to 2000 that was stored on a server at the board’s main office.

“If you were employed by CEPEO at any time after 2000, your personal information may have been stored on the server,” the board said. “We will use the contact details available to write to you personally within a week if your social insurance number, bank account number, unexpired credit card number, or date of birth has been compromised. Where applicable, we will also provide you with a free credit monitoring service for a period of 24 months.”

The board said that those who have been impacted will be contacted as soon as possible. The reason it took so long to announce the breach was because the board spent a lot of time analyzing what data was taken in order to offer the best advice, it said.

Anyone with questions about the incident is asked to contact

The school board did not say how much money was requested or paid to the hackers. In a statement, a CEPEO spokesperson said the board believed the payment was the best way to quickly secure the data.

The statement said “protecting our community members was and remains our first priority. Therefore, after careful consideration, we made the decision to make a payment to the actors as it was the best chance to secure the data. We have received statements indicating that the data has been deleted. We are nonetheless providing this notification.”

“Our efforts are focused on identifying individuals whose compromised information included data commonly used to commit identity theft in order to support their notification. We encourage people who would like to know if their information was part of the stolen data to write to us.”

The board contacted police and the Ontario privacy commissioner. Ottawa police would not comment.

Officials want to apologize to the people affected and urged them to remain vigilant for possible attempts to target them personally.

“We ask all members of our community to be vigilant. As always, you should watch out for phishing emails and other suspicious communications and monitor your financial accounts for any signs of fraudulent use,” the CEPEO said.

This article was originally sourced by