N.S. offers online protection for Cape Breton students, staff hit by school cyberattack

Nova Scotia's Department of Education is offering students, parents and staff some online protection after a cybersecurity breach earlier this year.

But an expert says those affected will have to remain on guard to protect their personal information.

The Cape Breton-Victoria region was the only school district in the province to be hacked during a North America-wide data breach of the U.S.-based PowerSchool service.

Students and former students in Cape Breton were sent letters this week, saying their names and addresses, dates of birth, medical information and other school records were stolen.

Education Minister Brendan Maguire said those too young to have a credit score are being offered online identity protection, while others are being offered credit monitoring for two years.

"The main thing right now is ensuring that their information that has been compromised ... [is] protected, and moving forward, they have the protection there to ensure that they haven't been financially or personally impacted," he said.

School officials say the data breach affected nearly 42,000 students, parents and staff over a number of years.

PowerSchool paying for online protection

The department says the cost of the online protection is being paid by PowerSchool.

Maguire said it's not clear why only one regional centre in the province was affected. "I can't get into the mind of a criminal," he said.

Some school boards in other jurisdictions have been hit with ransom demands, but not Cape Breton.

PowerSchool says its service is now secure, according to Maguire.

"Obviously, there's nefarious forces out there that are always looking to get into this kind of information, so we're continuously monitoring and we're continuously working with them to ensure this is safe for everybody involved," he said.

Schools across the province continue to use the service to track enrolment, attendance and grades.

"It is a state-of-the-art program. We haven't had many problems with it," Maguire said. "Obviously this is something that is troublesome." 

Francis Syms, associate dean of applied science and technology at Toronto's Humber Polytechnic, said people should take the protection offered by the government, but they should remain vigilant.

For example, former students could be contacted about an upcoming class reunion and it could sound legitimate, but could be used to get financial information, he said.

Consider local solutions

"I think especially over the next year or so, we have to assume that that data is going to be sold and used to commit fraud on us and we have to be suspicious of anybody calling us," Syms said.

Having data stored with a company outside Canadian borders leaves governments with little leverage to go after the company or the hackers, he said.

Governments should instead consider finding local data storage solutions.

"In Canada, we have some laws around how data can be shared, which work sometimes, don't work other times, but in the U.S., there's no federal statute around that.

"So if you're working with an organization that has your data in the U.S., all bets are off as to where that data goes or could be sold."

MORE TOP STORIES