Content
Skip to Main ContentAccessibility Help
Sudbury

Financial, medical information stolen during cyber attack on Rainbow District School Board

The Rainbow District School Board says the cyber criminals responsible for an attack on the board’s computer systems earlier this month stole sensitive personal information belonging to staff and students – including social insurance numbers and bank account information belonging to current and former staff members; social insurance numbers belonging to former students who received scholarships; and medical information for current and former students.

The board now says the hack impacts current and former students dating as far back as 2010

CBC News ·
Close up of hands typing on a laptop keyboard.
The board is offering free credit monitoring to those whose financial information was exposed. (Tero Vesalainen/Shutterstock)

A major school board in the Sudbury area is offering more details on the severity of a recent cyber attack, and what information was compromised.

The Rainbow District School Board,says the cyber criminals responsible for an attack on the board's computer systems earlier this month stole sensitive personal information belonging to staff and students – including social insurance numbers and bank account information belonging to current and former staff members; social insurance numbers belonging to former students who received scholarships; and medical information for current and former students.

The data breach affects people who worked for the board as early as 2010 and students who attended a school in the Rainbow District School Board as early as 2011.

"We take this matter very seriously and apologize to all those who are affected," the board wrote in a notice posted to its website on Thursday.

"We understand this news will be as concerning to you as it is to us and we are deeply sorry."

Hackers accessed SINs belonging to scholarship recipients

Criminals may have accessed the following information belonging to students, the board said:

  • Personal information, including contact information, birth dates, academic achievement data, Ontario Education Numbers and, in some cases, medical and immigration information for all students who graduated between June 2012 and June 2024.

  • Assessment information, medical diagnoses, health card numbers, behavioral information and information about accommodation and student support needs belonging to current and former students with identified exceptionality who have been enrolled in an Intensive Support Program (ISP) since 2019.

  • Contact information and place of employment information for parents of the above groups.

  • Social insurance numbers for former students who were enrolled in a Rainbow School since 2011 and who received a scholarship and a T4A slip for income tax purposes.

In addition, the attack exposed school photos from the 2012-2013 to 2024-2025 school years. However, those photos are not attached to names or other identifying information, the board said.

A sign reads Rainbow District School Board
The Rainbow District School Board reveals more details on compromised information from a cyber hack earlier this month. (CBC)

Anyone employed by the school from January 2010 onward is also affected, including  full-time, part-time and occasional staff, it said.

Hackers accessed the following data:

  • Address and primary phone numbers of staff members from 2010 onward.

  • Social insurance numbers of staff members from 2012 onward.

  • Bank account numbers of staff members from August 2017 onward.

  • Employee ID/compensation and benefit information/Ontario Ministry Educator Number (for teachers only) and police background check information for employees from September 2018 onward.

In addition, they may have accessed medical information such as doctor notes, physical abilities forms and leaves of absence forms belonging to staff members from 2022 onward.

The Rainbow District School Board has reported the cyber crime to the Greater Sudbury Police Service and the Ontario Provincial Police, the board said.

It is offering a two-year TransUnion credit monitoring  service, free of charge, to all current and former staff whose personal information was compromised. 

It's offering the same service to affected scholarship recipients whose social insurance numbers have been compromised and who have reached the age of majority.

Former students who wish to sign up for the service should contact cyberincident@rainbowschools.ca, the board said. Staff and former students who believe they have been victims of identity theft related to the incident should email the same address. 

The president of the Ontario Secondary School Teachers' Federation district serving Espanola, Manitoulin and Sudbury said he's heard from members who are concerned about the breach.

But Eric Laberge said some are also experiencing déjà vu.

Teachers hit with cyber attack previously

"This is something that they – for the most part, especially those that have been hired more than three years ago – have gone through already," Laberge said.

"Because there was a cyber incident with our provincial federation."

The Rainbow board began experiencingtechnical difficulties with its computer system on Friday, Feb. 7, officials said.

Officials took measures to protect the network and the data stored on it, they said, beginning a system-wide shutdown 10 a.m. that day at the Centre for Education and all 38 public schools in Sudbury, Espanola and on Manitoulin Island.

By mid-afternoon, the board had confirmed and announced that the technical difficulties were due to a cyber incident.

Since then, officials said, they have been working with cyber security experts to assess the impact, and that work continues.

CBC's Journalistic Standards and Practices|About CBC News
Corrections and clarifications|Submit a news tip|

Related Stories