Cyber Incident Victim: Edsembli

On February 26, 2021, a ransomware attack disrupted Edsembli, the vendor responsible for managing Nunavut’s school information system. The system stored critical student data including grades, attendance records, and enrollment details. Department of Education staff were immediately locked out of the platform, preventing routine administrative operations. The incident persisted until March 9, 2021, marking a 12-day period of inaccessibility. While no data loss occurred, the attack caused significant processing delays, particularly affecting the generation of student transcripts and final grades. The disruption impacted educational operations across Nunavut, though the exact number of affected schools or students was not specified in available reports. Manitoba school districts also experienced related disruptions earlier in March, suggesting broader regional implications from the Edsembli compromise.

The Department of Education publicly confirmed the ransomware incident but did not disclose the attackers’ identity, ransom demands, or initial intrusion methods. Restoration efforts were ongoing at the time of reporting, with full system functionality not yet reinstated. Operational impacts included prolonged administrative bottlenecks, though teaching activities reportedly continued without direct interruption. No evidence suggested unauthorized access to or exfiltration of student data. The incident underscored dependencies on third-party vendors for critical educational infrastructure and highlighted vulnerabilities in centralized systems serving geographically dispersed regions. Recovery timelines remained unspecified beyond the March 9 partial access restoration.