Hackers tried to sell Pembina Trails School Division student, staff info on dark web

CBC News

· Posted: Apr 11, 2025 7:26 PM EDT | Last Updated: 4 minutes ago

Photos of valid passports, unit payroll accusation and recognition paper statements were among the astir 1 cardinal files uploaded onto the acheronian web aft a caller ransomware onslaught by a hacker radical connected a southbound Winnipeg schoolhouse division.

The Pembina Trails School Division was deed successful December by a information breach carried retired by a hacker radical known arsenic Rhysida, which stole idiosyncratic accusation of students, teachers and families.

The part confirmed Friday the hacker radical demanded a ransom to get the information back, but said it wasn't paid. The radical past advertised the merchantability of idiosyncratic accusation and photos of students, teachers and unit going backmost to 2011 connected the acheronian web — a portion of the net that can't beryllium accessed with a accepted web browser.

When nary 1 bought the data, the radical uploaded it online.

The information that was perchance exposed includes names, dates of birth, confidential concern data, idiosyncratic wellness accusation and email addresses.

Colleen Peluso, who has 3 children successful the Pembina Trails School Division, says immoderate of their idiosyncratic information was among the accusation stolen, alongside that of thousands of different students and staff. 

"Every year, the genitor assembly astatine our schoolhouse does cybersecurity and net information talks, which I spell to. I've tried truly hard to support my family," Peluso said.

Company recovered information connected acheronian web

VenariX, a Texas-based institution that investigates and records cybersecurity incidents, said it decided to analyse the breach to larn more.

The institution has nary transportation with the Pembina Trails School Division, but recovered the division's information connected the acheronian web and enactment unneurotic a study connected its website that included pixelated images of the stolen accusation to assistance people learn astir the hack.

The hacker radical listed the 5.4 terabytes of information stolen from Pembina Trails online and was selling it for 15 bitcoins — the equivalent of astir $1.6 million.

WATCH | Hackers tried to merchantability information stolen from division:

"Some of them volition effort to merchantability that information to idiosyncratic other that is funny … conscionable to marque a profit. If they bash merchantability it, immoderate volition conscionable region it disconnected their website similar it wasn't adjacent there," said Luciana Obregon, who works with VenariX. 

"But if they weren't capable to merchantability it, they fundamentally marque it disposable for anybody to spell successful and bash immoderate they privation with it."

Screengrabs viewed by CBC amusement documents with names, commencement dates, wellness information, email addresses and slope relationship numbers.

Initially, the part said the stolen accusation dated backmost to 2014, but it's since learned a backup database was besides accessed, with accusation going backmost to 2011.

The Winnipeg Police Service's fiscal crimes portion is investigating.

Teacher and pupil information "should ne'er beryllium compromised," Manitoba Teachers' Society president Nathan Martindale said successful an emailed statement. 

"There's nary uncertainty this volition origin our members utmost intelligence stress."  

The part hired its ain cybersecurity institution to investigate. It's offering 3 years of a recognition monitoring work astatine nary outgo to existent and erstwhile unit and is encouraging families to beryllium vigilant.

Divisions 'don't recognize however valuable' data is

The radical claiming work for the Winnipeg ransomware onslaught is believed to beryllium a transgression cognition from Russia oregon eastbound Europe. Rhysida has besides claimed attacks against authorities institutions successful Portugal, Chile and Kuwait, according to the Guardian.

Pembina Trails was 1 of galore schoolhouse divisions attacked crossed Canada. Obregon says she's recovered leaked information from 32 of them connected the acheronian web.

Another unfortunate of the aforesaid radical that targeted the Winnipeg part is the Qualifications Evaluation Council of Ontario, a radical that evaluates teachers' qualifications for wage categorization purposes. It was deed by an onslaught past July that whitethorn person exposed confidential concern information and idiosyncratic information, immoderate of which has been posted to the acheronian web, said Obregon.

QECO enforcement manager Liz Papadopoulos described the cyberattack as a "painful matter" and said nary fiscal accusation was stolen. Everyone impacted was contacted and systems were secured, she said, but she declined to remark further.

Cybersecurity adept Hadis Karimipour said ransomware attacks connected schools and schoolhouse divisions person go much common, arsenic galore absorption connected rapidly digitalizing things without keeping information successful mind.

"They don't recognize however invaluable their information is and wherefore cybercriminals would beryllium interested. So they don't put successful it," said Karimipour, Canada Research Chair successful Secure and Resilient Cyber-Physical Systems and an subordinate prof astatine the University of Calgary.

That information tin beryllium highly invaluable for things similar individuality theft, she said.

Karimipour said 1 of the easiest things organizations similar schoolhouse divisions tin bash to support themselves is to put successful grooming for employees, helping them to admit things similar phishing emails and learn how enactment systems tin beryllium compromised if they're connected to idiosyncratic devices that person been breached.

"Unfortunately, humans are ever 1 of the, basically, root of the occupation that gives the accidental to cybercriminals to onslaught a ample organization," she said. "And radical usually [make] tons of mistakes."