Cyber Incident Victim: Huron-Superior Catholic District School Board
Date:
Dec 2022
Location:
Canada
Summary
The Huron-Superior Catholic District School Board experienced a cyberattack where intruders breached its systems and delivered a message via compromised photocopiers, confirming unauthorized access. The incident disrupted computer and phone networks, rendering the board’s website inoperable and disabling school communications, including telephones and public address systems. All classes were canceled immediately, with students and staff sent home, and operations remained suspended for an extended period while the board secured its network, engaged experts, and worked to restore services. Communication updates were provided through alternative channels like social media and a messaging platform during recovery efforts, with the board acknowledging potential privacy implications of the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 15, 2022, the Huron-Superior Catholic District School Board experienced a cyber incident first detected when an unauthorized party delivered a message through photocopiers at the board's main office and multiple schools. The communication informed officials that their computer and phone systems had been compromised. Board spokesperson Jim Fitzpatrick confirmed the intrusion but did not disclose whether ransom demands accompanied the message. Upon discovery, the board immediately secured its network and engaged external cybersecurity experts to assist with containment and investigation. The attack disrupted critical operational systems, including telephones, public address systems, and the board’s primary website, which remained offline following the breach. This infrastructure failure necessitated early dismissal of all students on December 15 and cancellation of classes for December 16.
The board implemented emergency communication protocols through its School Messenger platform and social media channels due to the inoperability of standard systems. Director of Education Danny Viotto and Board Chair Gary Trembinski announced that all classes would remain suspended until January 3, 2023, to allow extended recovery time. Principals and vice-principals maintained limited on-site presence during the closure period to address logistical needs. Information technology teams worked continuously to restore services while investigating the scope of compromised data, acknowledging significant privacy implications without specifying affected information types. No further details regarding attacker methodology or data exfiltration were disclosed publicly during the initial response phase. The incident caused operational paralysis across educational facilities and administrative functions for multiple weeks during the academic term.