BC Freedom of Information and Privacy Association
Your Data Your Rights
Phillip Blancher
Local Journalism Initiative Reporter
BROCKVILLE – A cyber attack which compromised the data of tens of thousands of current and former students, staff, and donors of the Upper Canada District School Board now has a price tag – approximately $3 million.
Trustees learned of the financial impact of the January 2025 hack on the school board at their April 9 meeting.
Executive Superintendent of Business Jeremy Hobbs presented a third financial outlook for the 2024-25 school year, which reported the board was pushed into a compliance deficit of $500,000 for the year.
“That’s primarily driven by the cyber incident, about $3 million dollars,” Hobbs told the board. The expenses included the immediate response to the January 5 incident, consulting fees, restoring services, and adding further security measures.
“That $3 million is offset by other places in the organization where we’re expecting lesser expenses,” he continued. Those reduced expenses left about $1.3 million to be covered by the operational surplus/deficit.
In early January, school board internet services were shut down for several weeks following a cyber attack. Through subsequent investigations by the board and consultants it retained, the UCDSB announced a significant breach of student, employee, and donor data going as far back as 1998. The board has deemed the breach not a significant exposure for identity theft or other issues, but has offered credit monitoring services for some of those affected for two years.
Computer networks and internet access for the nearly 28,000 students and 4,000 staff were eventually restored by late February.
Hobbs continued that the board was in comfortable shape to carry the deficit. By law, Ontario school boards must stay within one per cent of its operating budget for any year-to-year deficits or surpluses. For the UCDSB, that amount is approximately $4.1 million in 2024-25.
The cyber attack on the UCDSB happened around the same time as many school boards across Canada and the United States were hit with a breach at software provider PowerSchool. The UCDSB is a customer of PowerSchool, but the attack is not related to that company’s data breach.
The Local Journalism Initiative (LJI) is a federally funded program to add coverage in under-covered areas or on under-covered issues. This content is created and submitted by participating publishers and is not edited. Access can also be gained by registering and logging in at: https://lji-ijl.ca
You can support trusted and verified news content like this.
FIPA’s news monitor subscribers, donors and funders help make these available to everyone rather than behind a paywall. We appreciate every contribution because it makes a difference.
If you found this article interesting and useful, please consider contributing here.
