Some Ontario current and retired public high school teachers and related staff are being notified that their personal information was copied by a hacker as part of a ransomware attack on their union’s IT systems last spring.
The Ontario Secondary School Teachers Federation (OSSTF) said Wednesday it realized on May 30th that an unauthorized third party had accessed and encrypted some of the union’s systems. The systems were compromised around five days earlier.
Members were quietly notified about the attack at the time. Now affected members being told their data was stolen.
Caitlin Reid, the federation’s media and communications advisor, couldn’t immediately tell IT World Canada how many of its members are being notified, nor how many IT systems were encrypted by the attacker.
“It didn’t have enormous effects” on the federation’s operations, she added.
“We hired a forensics firm immediately to contain and investigate the incident. We’ve now notified our members about the incident, that it’s an ongoing investigation.”
Asked why it took six months for members to be notified, Reid said an e-discovery process had to be completed to review personal information that may have been impacted. That took several months to complete. “As soon as that process was done, we reached out to members.”
OSSTF has over 60,000 members across Ontario, including public high school teachers, occasional teachers, educational assistants, continuing education teachers and instructors, early childhood educators, psychologists, secretaries, speech-language pathologists, social workers, plant support personnel, university support staff, and many others in education.
In its statement, the union said while it has no evidence at this time the personal data of members has been misused, depending on the type of personal information impacted it may provide to the affected individuals credit monitoring and identity theft protection services with Equifax, at the OSSTF’s expense, for one year.