Appalling Pembina Trails Hack Could Cause a Lot of Damage, Privacy Expert Says

A devastating breach of personal data has left students and teachers in the Winnipeg school division reeling, with almost a million files containing sensitive information released on the dark web. The attack, carried out by ransomware hacking group Rhysida in December, has sparked concerns about the security measures in place to protect student and staff data.

"It's appalling and can cause so much damage," said Ann Cavoukian, executive director of Global Privacy and Security by Design and a former Ontario privacy commissioner. "Unauthorized third parties can use your personal information to present you in a different light … and also to give unauthorized third parties access to your personal information. They can go do whatever the heck they want with it."

The security breach, which affected the Pembina Trails School Division, saw hackers gain access to sensitive data, including names, dates of birth, confidential business data, personal health information, email addresses, payroll information, credit card statements, and even photos of valid passports.

According to student Sabastian Kelly, who is in Grade 10, while students had their personal data leaked, he's mostly worried about teachers and other school staff who have had more sensitive information like social insurance numbers exposed in the attack. "We can't do too much to not have it out there because it's already been released," Kelly said.

"Obviously I'm not an IT professional," Kelly added. "But what I can say is that this information … should have been protected a little bit better."

Cavoukian echoed Kelly's sentiments, stating that the Pembina Trails attack, while appalling, is not surprising. "When governments, schools, school boards have personally identifiable information … this should be very strongly protected," she said.

A Global Perspective

However, it appears that the Pembina Trails breach is not an isolated incident. VenariX, an American firm that investigates cybersecurity incidents, found that the leaked data from 31 other school divisions was also available on the dark web. This raises questions about the global scope of the problem and whether similar breaches are occurring in Canada.

"It's a wake-up call for all organizations that handle sensitive information," said Cavoukian. "There should be walls put around it so that unauthorized third parties can't gain access to it."

What Can Be Done?

While some damage has already been done, there are steps that can be taken to mitigate the effects of the breach. According to Cavoukian, encryption and strong security measures should have been in place to protect the sensitive data.

"It's not a question of if, but when, another breach will happen," she said. "We need to take proactive steps to prevent it."

Conclusion

The Pembina Trails hack is a stark reminder of the importance of robust cybersecurity measures in protecting sensitive data. While some damage has already been done, by taking proactive steps and learning from this breach, we can work towards creating a safer online environment for everyone.