Phillip Blancher reports from Ottawa:
An October 18 ransomware attack has left personal data exposed by the local French-Public school board.
The Conseil des écoles publiques de l’Est de l’Ontario issued a press release November 30 announcing it had been attacked, and that after resecuring the network it was discovered that some files stored at its board office had been stolen and held for ransom.
The board said it had paid the attackers and the data that had been stolen was deleted.
Read more at Seaway.
While they are doing the right thing by offering complimentary credit monitoring services for 24 months, telling people that data was deleted after paying ransom is somewhat misleading at best. They should say that threat actors claimed to have deleted data, but experts know that often such claims are lies. In this case, we have not been told who the threat actors are, so it’s hard to evaluate that piece of things.