Sudbury.com reports:
Data acquired by unauthorized individuals during Rainbow District School Board’s recent cyber incident “was deleted and has not been shared,” according to an update on the situation from the school board.
The school board also said in the Feb. 28 statement that three weeks after the cyber incident, which meant internet was unavailable in its schools for several days in February, “all of our critical systems are restored.”
You can read in full the board’s latest statement, which includes a recap of the cyber incident, on its website.
Read more at Sudbury.com
That statement from the school board, ” Rainbow District School Board has since received confirmation that the data acquired by the unauthorized individuals was deleted and has not been shared” suggests that the school board paid some extortion or ransom demand to get data deleted and an “asssurance” or “confirmation” that data has not been shared or deleted. The school board doesn’t say that they paid any ransom demand, however.
DataBreaches emailed the district board over the weekend to ask for a direct response as to whether the board paid any ransom or extortion to get data allegedly deleted and an assurance of deletion. The email stated that if the board would not answer the question directly, the email was to convert to a freedom of information request seeking all records related to any discussion of paying ransom or any fee to get data deleted or records related to any such payment either by the board or by any consultant or third party on their behalf. This post will be updated when a reply is received.
There is absolutely no sane reason to trust the word of criminals who attacked you that they will now keep their word about anything. Those affected by this breach should take steps to protect their accounts and their information and remain vigilant.