SUDBURY—A letter to parents and guardians of children in the Rainbow District School Board was sent out Thursday morning, confirming that a cyber incident that occurred on Friday, February 7 resulted in “sensitive data” being stolen from the board’s network. The matter is now being treated as a cyber crime by the Greater Sudbury Police Service and Ontario Provincial Police.
“We take this matter very seriously and apologize to all those who are affected,” a letter from the RDSB states. “We understand this news will be as concerning to you as it is to us, and we are deeply sorry.”
Who has been affected?
All students who graduated from Rainbow Schools from June 2012 to June 2024
Potential compromised data: Date of birth, gender, home address, parent/guardian names and contact information, academic achievement data and Ontario Education Number.
Current and former students with an identified exceptionality who have been enrolled in an intensive support program in Rainbow Schools since 2019
Potential compromised data: Being identified with an exceptionality, assessment information, medical diagnosis and information about related needs, including accommodation and student support information, behavioural information and health card number.
Parents or guardian of the students belonging to the groups identified above
Potential compromised data: Contact information (including phone numbers, home addresses and email addresses) and place of employment.
Former students who were enrolled in a Rainbow School since 2011 who received a scholarship and a T4A for income tax purposes
Potential compromised data: Social insurance number
School photos from the 2012-2013 school year to and including the 2024-2025 school year without student names
Potential compromised data: There are no personal identifiers (student names) attached to the school photos
All staff members currently employed by RDSB as well as individuals who worked for the board between January 2010 and February 2025
Potential compromised data: Address and primary phone number (2010 onward); social insurance number (2012 onward); bank account number (August 2017 onward); employee ID/compensation and benefit information/Ontario Ministry of Education Number and police background check information (September 2018 onward)
For some current and former employees, the stolen data also includes medical information.
Should you experience fraud you believe is linked to the cyber incident report it immediately by emailing cyberincident@rainbowschools.ca.
RDSB states it will provide a two-year TransUnion credit monitoring service, free of charge, to all current and former staff whose personal information was compromised.
RDSB is also encouraging parents and former students to sign up for credit monitoring, regularly check bank accounts and credit card statements for unauthorized transactions.
Those wishing to file a complaint with the Information and Privacy Commissioner of Ontario can visit the website at www.ipc.on.ca.
