Letters

Toronto District School Board cyberattack: Recommendations for improved security

January 6, 2025

A social engineering attack at a TDSB high school led to the unauthorized access of personal information belonging to current and former students, parents and staff across several schools. The threat actor gained unauthorized access to the affected schools’ systems by obtaining the login credentials of a school’s Vice-Principal (VP) through a social engineering attack and obtaining the login credentials for their OneDrive account from a browser cache connected to the Vice-Principal. The breach resulted in several recommendations to the TDSB by the IPC that will assist in improving its security posture.

Topics

Privacy and Transparency in a Modern Government

Technology and Security

Help us improve our website. Was this page helpful?

Yes

How did this page help you?

The information is incorrect or needs to be updated.

The information was too hard to understand.

The information wasn’t relevant.

I didn’t find what I was looking for.

Other

Note:

You will not receive a direct reply. For further enquiries, please contact us at @email
Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
For more information about this tool, please see our Privacy Policy.