Cyber Incident Victim: Ontario Secondary School Teachers Federation
Date:
May 2022
Location:
Canada
Summary
The Ontario Secondary School Teachers' Federation experienced a ransomware attack compromising sensitive personal information of its members. The union notified affected individuals about the unauthorized data access and theft resulting from the breach, initiating response measures including investigation and mitigation efforts to address the security incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around May 30, 2022, the Ontario Secondary School Teachers’ Federation (OSSTF) experienced a ransomware attack compromising member data. The incident involved unauthorized access to the organization’s systems, leading to the exfiltration of sensitive personal information. Attackers deployed ransomware, a type of malware that encrypts data and demands payment for decryption, though specific ransom demands or payment details were not disclosed in available reports. OSSTF confirmed the breach impacted current and former members’ personally identifiable information (PII), though the exact number of affected individuals remained unspecified. The compromised data types included names, contact details, and potentially other employment-related records held by the union. No evidence suggested student data was involved, as the breach appeared confined to OSSTF’s internal member databases. The attack disrupted normal union operations, though the duration and severity of operational interruptions were not quantified. OSSTF initiated forensic investigations to determine the attack’s origin and full scope shortly after detection.
The union formally notified impacted members about the data compromise in November 2022, approximately six months post-incident. This notification advised members to monitor financial accounts and credit reports for suspicious activity stemming from potential misuse of exposed PII. OSSTF did not publicly confirm whether it paid a ransom or engaged in negotiations with the threat actors. No ransomware group claimed responsibility for the attack in available sources. The breach prompted OSSTF to reinforce cybersecurity protocols, though specific technical or procedural changes implemented were not detailed in public communications. Members faced heightened risks of identity theft and phishing attempts due to the exposure of sensitive information. The incident underscored vulnerabilities in educational sector organizations’ data protection frameworks. OSSTF collaborated with cybersecurity experts and legal advisors to manage breach response obligations under Canadian privacy regulations.