CEPEO statement regarding a cybersecurity incident

394

The Eastern Ontario Public School Board (CEPEO) would like to inform you of a recent cyberattack on our network that has resulted in the personal information of our employees and others being compromised.

On the morning of October 18, we learned that unknown actors had gained unauthorized access to our computer network. The network was re-secured later and we launched an investigation with the help of cybersecurity experts. We later confirmed that the threat actors took a set of files stored on a server at the main council office. Protecting members of our community was our priority. So we made a payment to the actors and received statements that the data was deleted. However, we provide this notice.

If you were employed by CEPEO at any time after 2000, your personal information may have been stored on the server. We will use the contact details available to write to you personally within a week if your Social Insurance Number, bank account number, unexpired credit card number, or date of birth has been compromised. Where applicable, we will also provide you with a free credit monitoring service for a period of 24 months.

A smaller number of current and former students and parents have been affected. We carefully analyze the data and will inform those affected as soon as possible.

We ask all members of our community to be vigilant. As always, you should watch out for phishing emails and other suspicious communications and monitor your financial accounts for any signs of fraudulent use. For more tips on how to protect yourself against scams and fraud, please visit the Canadian Anti-Fraud Center website at www.antifraudcentre-centreantifraude.ca .

If you have any specific questions or concerns about this incident, please contact us at cyberincident@cepeo.on.ca.

We extend our sincere apologies to you. We have already taken steps to improve the security of our network as a result of this incident and will implement further improvements as we investigate the incident. We have reported this matter to law enforcement authorities and to the Information and Privacy Commissioner of Ontario. Finally, we remind you that we will communicate directly with those most affected.