Hackers tried to sell Pembina Trails School Division student, staff info on dark web
Photos of valid passports, staff payroll information and credit card statements were among the nearly 1 million files uploaded onto the dark web after a recent ransomware attack by a hacker group on a south Winnipeg school division.
The Pembina Trails School Division was hit in December by a data breach carried out by a hacker group known as Rhysida, which stole personal information of students, teachers and families.
The division confirmed Friday the hacker group demanded a ransom to get the data back, but said it wasn't paid. The group then advertised the sale of personal information and photos of students, teachers and staff going back to 2011 on the dark web — a part of the internet that can't be accessed with a traditional web browser.
When no one bought the data, the group uploaded it online.
The data that was possibly exposed includes names, dates of birth, confidential business data, personal health information and email addresses.
Colleen Peluso, who has three children in the Pembina Trails School Division, says some of their personal data was among the information stolen, alongside that of thousands of other students and staff.
"Every year, the parent council at our school does cybersecurity and internet safety talks, which I go to. I've tried really hard to protect my family," Peluso said.
Company found data on dark web
VenariX, a Texas-based company that investigates and records cybersecurity incidents, said it decided to investigate the breach to learn more.
The company has no connection with the Pembina Trails School Division, but found the division's data on the dark web and put together a report on its website that included pixelated images of the stolen information to help people learn about the hack.
The hacker group listed the 5.4 terabytes of data stolen from Pembina Trails online and was selling it for 15 bitcoins — the equivalent of roughly $1.6 million.
WATCH | Hackers tried to sell data stolen from division:
Hackers tried to sell info after Pembina Trails School Division cyberattack
48 minutes ago
Duration 2:10
The Pembina Trails School Division was hit in December by a data breach carried out by a hacker group known as Rhysida, which stole personal information of students, teachers and families, and then tried to extort more than $1.5 million from the south Winnipeg school division.
"Some of them will try to sell that data to somebody else that is interested … just to make a profit. If they do sell it, some will just remove it off their website like it wasn't even there," said Luciana Obregon, who works with VenariX.
"But if they weren't able to sell it, they basically make it available for anybody to go in and do whatever they want with it."
Screengrabs viewed by CBC show documents with names, birth dates, health information, email addresses and bank account numbers.
Initially, the division said the stolen information dated back to 2014, but it's since learned a backup database was also accessed, with information going back to 2011.
The Winnipeg Police Service's financial crimes unit is investigating.
Teacher and student data "should never be compromised," Manitoba Teachers' Society president Nathan Martindale said in an emailed statement.
"There's no doubt this will cause our members extreme psychological stress."
The division hired its own cybersecurity company to investigate. It's offering three years of a credit monitoring service at no cost to current and former staff and is encouraging families to be vigilant.
Divisions 'don't understand how valuable' data is
The group claiming responsibility for the Winnipeg ransomware attack is believed to be a criminal operation from Russia or eastern Europe. Rhysida has also claimed attacks against government institutions in Portugal, Chile and Kuwait, according to the Guardian.
Pembina Trails was one of many school divisions attacked across Canada. Obregon says she's found leaked data from 32 of them on the dark web.
Another victim of the same group that targeted the Winnipeg division is the Qualifications Evaluation Council of Ontario, a group that evaluates teachers' qualifications for salary categorization purposes. It was hit by an attack last July that may have exposed confidential business data and personal information, some of which has been posted to the dark web, said Obregon.
QECO executive director Liz Papadopoulos described the cyberattack as a "painful matter" and said no financial information was stolen. Everyone impacted was contacted and systems were secured, she said, but she declined to comment further.
Cybersecurity expert Hadis Karimipour said ransomware attacks on schools and school divisions have become more common, as many focus on quickly digitalizing things without keeping security in mind.
"They don't understand how valuable their data is and why cybercriminals would be interested. So they don't invest in it," said Karimipour, Canada Research Chair in Secure and Resilient Cyber-Physical Systems and an associate professor at the University of Calgary.
That data can be extremely valuable for things like identity theft, she said.
Karimipour said one of the easiest things organizations like school divisions can do to protect themselves is to invest in training for employees, helping them to recognize things like phishing emails and learn how work systems can be compromised if they're connected to personal devices that have been breached.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Vancouver Sun
7 hours ago
- Vancouver Sun
Families of October 7 victims sue Meta for $1B for allowing atrocity footage on Facebook
Families of victims of the Oct. 7, 2023 Hamas invasion of southern Israel have filed a class-action suit against Facebook parent Meta for failing to block the distribution of footage of the murder, abduction and torment of their loved ones. The lawsuit, filed in Tel Aviv District Court, seeks 4 billion shekels (approximately US$1.1 billion) in damages. This comprises 200,000 shekels (approximately US$58,000) for each October 7 victim whose suffering was documented and shared online; 200,000 shekels to their immediate family members and close friends who saw the footage and 20,000 shekels (approximately US$5,800) for each Israeli exposed to the footage, Calcalist reported on Monday. According to the plaintiffs, which also include some survivors, the footage turned Facebook and Instagram into 'an integral part of the terrorist attack on Israel.' Start your day with a roundup of B.C.-focused news and opinion. By signing up you consent to receive the above newsletter from Postmedia Network Inc. A welcome email is on its way. If you don't see it, please check your junk folder. The next issue of Sunrise will soon be in your inbox. Please try again Interested in more newsletters? Browse here. 'For many hours, in real time and long after the terrorist attack, horrific documentation from the attack (to put it mildly) was disseminated, showing innocent civilians — children, elderly, women, and men — subjected to atrocities that even paper cannot bear to describe,' the plaintiffs' attorneys wrote in the claim, Calcalist reported. The footage included 'murder, extreme violence' and 'abduction of civilians and soldiers, both living and dead,' among other brutal scenes. The plaintiffs are represented by the Givatayim-based law firm of Matri, Meiri, Wacht & Co. The attorneys from the firm argue that the videos were allowed to remain online for weeks in many cases, contradicting Meta's stated policies, Calcalist reported. Mor Baider, one of the lead plaintiffs, discovered his grandmother's death through a Facebook post by the terrorists. Baider's grandmother, Bracha Levinson, was a resident of Kibbutz Nir Oz. 'Grandma was murdered on Facebook,' Baider said during an interview marking the first anniversary of the attack. The plaintiffs say Meta did not activate its live content monitoring systems, deploy its rapid response team or remove the content quickly, 'nor long thereafter (and in fact — to this very day,' according to the claim. 'The Respondent acted contrary to its policy, its commitments, and its obligations, allowing its social networks to serve as a weapon, as an inseparable part of the terrorist attack on the State of Israel,' according to the claim. According to Calcalist, Meta responded: 'Our hearts go out to the families affected by Hamas terrorism. Our policy designates Hamas as a proscribed organization, and we remove content that supports or glorifies Hamas or the October 7 terrorist attack. 'Following the attacks, we established dedicated teams that work around the clock to remove content that violates our policy, while ensuring our platforms remain available for condemning Hamas and raising awareness for the victims, including the hostages held in Gaza.'
Edmonton Journal
8 hours ago
- Edmonton Journal
Families of October 7 victims sue Meta for $1B for allowing atrocity footage on Facebook
Families of victims of the Oct. 7, 2023 Hamas invasion of southern Israel have filed a class-action suit against Facebook parent Meta for failing to block the distribution of footage of the murder, abduction and torment of their loved ones. Article content The lawsuit, filed in Tel Aviv District Court, seeks 4 billion shekels (approximately US$1.1 billion) in damages. This comprises 200,000 shekels (approximately US$58,000) for each October 7 victim whose suffering was documented and shared online; 200,000 shekels to their immediate family members and close friends who saw the footage and 20,000 shekels (approximately US$5,800) for each Israeli exposed to the footage, Calcalist reported on Monday. Article content Article content Article content Article content 'For many hours, in real time and long after the terrorist attack, horrific documentation from the attack (to put it mildly) was disseminated, showing innocent civilians — children, elderly, women, and men — subjected to atrocities that even paper cannot bear to describe,' the plaintiffs' attorneys wrote in the claim, Calcalist reported. Article content The footage included 'murder, extreme violence' and 'abduction of civilians and soldiers, both living and dead,' among other brutal scenes. Article content The plaintiffs are represented by the Givatayim-based law firm of Matri, Meiri, Wacht & Co. Article content The attorneys from the firm argue that the videos were allowed to remain online for weeks in many cases, contradicting Meta's stated policies, Calcalist reported. Article content Article content Mor Baider, one of the lead plaintiffs, discovered his grandmother's death through a Facebook post by the terrorists. Baider's grandmother, Bracha Levinson, was a resident of Kibbutz Nir Oz. Article content Article content 'Grandma was murdered on Facebook,' Baider said during an interview marking the first anniversary of the attack. Article content The plaintiffs say Meta did not activate its live content monitoring systems, deploy its rapid response team or remove the content quickly, 'nor long thereafter (and in fact — to this very day,' according to the claim. Article content 'The Respondent acted contrary to its policy, its commitments, and its obligations, allowing its social networks to serve as a weapon, as an inseparable part of the terrorist attack on the State of Israel,' according to the claim. Article content According to Calcalist, Meta responded: 'Our hearts go out to the families affected by Hamas terrorism. Our policy designates Hamas as a proscribed organization, and we remove content that supports or glorifies Hamas or the October 7 terrorist attack.
Montreal Gazette
a day ago
- Montreal Gazette
Montreal's GardaWorld green lit to bid up to US$138M on ‘Alligator Alcatraz' ICE contracts
A U.S. subsidiary of GardaWorld, the Montreal-based security giant reportedly helping staff the Florida detention site known as 'Alligator Alcatraz,' has been cleared to bid up to US$138 million on ICE contracts. GardaWorld Federal Services, a Virginia-based arm of GardaWorld, was among dozens of companies shortlisted by ICE (U.S. Immigration and Customs Enforcement) under an emergency procurement programme, government records show. ICE's agreement with GardaWorld's U.S. subsidiary sets a limit of US$138 million (CAN$190 million) on the value of contracts the company can compete for, The Gazette has confirmed. It was first reported by The Globe and Mail. The contracts are part of a sweeping effort by U.S. President Donald Trump to expand detention capacity across the country. GardaWorld was already contracted to provide security and correctional staff at 'Alligator Alcatraz, ' a remote facility in Ochopee, Florida. It is expected to house up to 3,000 detainees. The site has drawn growing criticism from rights groups, who warn of poor oversight, overcrowding and unsafe conditions. It gained notoriety after Trump visited in July and jokingly referred to its swampy surroundings by saying there were 'a lot of police officers in the form of alligators.' Homeland Security Secretary Kristi Noem said Monday that 'Alligator Alcatraz' would serve as a model for future state-run migrant detention centres. She also said she hopes to launch similar facilities in the coming months, including in airports and jails. According to the Miami Herald, GardaWorld was awarded a separate contract worth US$8 million to provide staffing for the Florida facility. In July, The Gazette reported that GardaWorld was seeking armed guards for 'a remote part of southern central Florida,' offering US$25 per hour, plus travel, meals and accommodation. The posting outlined strict requirements for applicants: candidates were required to hold Florida gun and security licences, have at least one year of armed experience, and legally own a registered semi-automatic handgun. GardaWorld provides a wide range of private security services in Canada and abroad, including airport screening, cash transport and personal protection. The company was founded by Stephan Crétier in Montreal, where he used a $30,000 mortgage on his house to launch the business. Today, it remains headquartered in Montreal, though Cretier is now based in Dubai. He is worth nearly $4 billion, according to The Gazette's Rich List. In 2022, Quebec's provincial investment agency, Investissement Québec, invested $300 million in GardaWorld. A provincial spokesperson has previously said the investment was unrelated to the company's U.S. contracts. Twelve people have died in ICE custody so far this year, including Canadian Johnny Noviello, who died at a Miami detention facility in June. This story was originally published
