Pembina Trails School Division Data Leaked in Cyberattack

Pembina Trails School Division, located in south Winnipeg, confirmed that accounting spreadsheets were among the files leaked online after a cyberattack in December. The attack, carried out by the hacker group Rhysida, resulted in the theft of various sensitive documents.

In early April, the school division confirmed that the group demanded a ransom for the stolen data, which was not paid. Following the ransom demand, Rhysida advertised the sale of personal information and photos of students, teachers, and staff on the dark web. When no one purchased the data, the group uploaded it publicly.

The division has engaged a team of experts to investigate the breach. So far, the review has identified three categories of compromised data. While there is no evidence that payroll information was accessed, accounting spreadsheets saved on the division’s network drive were found among the leaked files. The experts are still working to determine the exact content of these spreadsheets.

In addition to the spreadsheets, a large number of miscellaneous files were stolen, including educational videos, lesson plans, and student assignments from various schools within the division. The affected schools include Acadia, Bairdmore, Crane, Fort Richmond, Oakenwald, Pembina Trails Collegiate, Ralph Maybank, Shaftesbury, South Point, St. Avila, Vincent Massey, and Viscount.

The breach also involved personal data of students who attended the division between 2011 and 2024. This includes health identification numbers, parents' or guardians' contact information, and recent photos of some students. The division confirmed that these personal records were also leaked online.

Pembina Trails School Division has since been working with a third-party security vendor to enhance its cybersecurity measures. In a statement, the division expressed its commitment to improving security and emphasized that cyberattacks are increasingly targeting both public and private organizations.

"Unfortunately, organizations across the public and private sectors are being repeatedly targeted by cybercriminals," the division stated. "Nonetheless, we are emerging stronger from this experience."