Cyber Incident Victim: Durham District School Board
Date:
Nov 2022
Location:
Canada
Summary
The Durham District School Board experienced a cyber incident disrupting phone, email, and emergency contact systems, prompting network security measures, expert engagement, and law enforcement notification. In-person schools remained operational with manual attendance procedures and temporary emergency contact collection, while remote classes, literacy tests, and most student Chromebook functionality were suspended; childcare and community facility use continued unaffected. The board acknowledged privacy concerns and ongoing IT restoration efforts, apologizing for disruptions without specifying the attack's nature or recovery timeline.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Durham District School Board (DDSB) detected a cyber incident on Friday, November 25, 2022, prompting immediate network security measures and engagement of external cybersecurity experts. Law enforcement agencies were notified to assist with the investigation, though the specific nature of the attack remained undisclosed. By Sunday, November 27, the board confirmed widespread operational disruptions affecting critical communication systems, including complete outages of phone and email services across all schools. The incident compromised access to emergency contact information for students, requiring parents to provide temporary contact details manually. In-person schooling continued on Monday, November 28, but with significant procedural adjustments, including manual attendance tracking and suspension of absence notifications to families. Virtual learning programs (DDSB@Home) and scheduled literacy tests were canceled due to connectivity issues, while most student Chromebooks remained inoperable. Childcare services and community facility permits operated normally, unaffected by the IT disruptions.
DDSB's IT teams worked continuously throughout the weekend to restore services, prioritizing network security and forensic analysis to determine the incident's scope. The board acknowledged substantial privacy concerns stemming from potential unauthorized access to sensitive data but did not specify compromised data types or affected individuals. Contingency measures for school operations included reinforced safety protocols and reliance on manual administrative processes. No ransomware claims or threat actor attributions were disclosed, and the timeline for full service restoration remained undefined. Media inquiries were redirected to a temporary Gmail address due to the email system outage. The board committed to providing updates as the investigation progressed, apologizing for disruptions while emphasizing collaboration with law enforcement and cybersecurity professionals to resolve the incident.