Recent 'cyber incident' at northern Ontario school board points to growing problem, says cybersecurity expert

A recent cyber incident at northern Ontario's Rainbow District School Board, in the Sudbury area, points to the growing frequency of such attacks, according to a cybersecurity expert.

"The frequency and intensity of cyber incidents is increasing, and predictably," said Junior Williams, a cybersecurity expert with MOBIA, a firm that specializes in technology solutions.

"There's this saying in the cybersecurity community that the good guys have to get it right all the time, but the bad guys only have to get it right once." 

The Rainbow District School Board — which includes 38 public schools in Sudbury, Espanola and on Manitoulin Island — said in an update to staff and parents that it "experienced technical difficulties with its computer system on Friday, Feb. 7, 2025."

Around that time, schools lost internet access and staff members were not able to connect to their work emails.

The school board later reported that the personal information of students and staff, including social insurance numbers, home addresses and medical information, had been compromised.

The Rainbow Board has offered those affected two years of free credit monitoring, and added that it's working with third-party experts to investigate the "cyber incident."

Williams says criminals see public institutions like school boards, universities and hospitals as valuable targets for cyberattacks because they have access to valuable private information.

They also tend to dedicate fewer resources to cybersecurity than other high-priority targets, such as financial institutions.

Williams says cybersecurity needs to be a top-down priority for organizations like school boards.

"The superintendents, or whoever is responsible overall for the organization, need to understand what is under their purview," he said.

"And then they need to put some thought into examining each asset and being like, 'If this is compromised, what is the cost?'"

Williams says that because cyberattacks are more common today, almost everyone in Canada has probably had their personal information compromised at some point.

"There [are] details of hundreds of millions, if not billions, of people just sitting on the dark net," he said.

"You don't even need to pay for it. It's just there, right? Which is again driving home that point of making sure that you have strong passwords in play."

In addition to using strong passwords online, Williams says people should use two-factor authentication or passkeys for services that support them.

A passkey allows a person to use their phone instead of a password, and relies on their biometrics, such as a fingerprint or face ID to log into a service.

He says people should also watch their financial accounts closely and sign up for credit monitoring if they suspect a bad actor has their personal information. 

If they suspect or find suspicious activity in their financial accounts, they should contact Equifax and TransUnion to freeze their credit, he added.