Canadian school photo company says hackers held Sask. students' pictures for ransom
A Canadian school photography company says it was hit by a ransomware attack that held about 3,500 photos of students in several Saskatchewan school divisions hostage, among others across the country.
On Feb. 15, Edge Imaging contacted the office of the privacy commissioner to disclose a “cyber incident that may have affected school divisions across Canada,” according to a report released last week.
In a letter to the commission, Edge Imaging said the breach affected Entourage, the owner of its yearbook software web platform Creator Studio Pro, after the service noticed a breach of its Canadian Amazon Web Services cloud server “that may have affected uploaded images of school boards’ students and staff.
“On February 5, 2024, Entourage recognized a cyber incident on its cloud server due to a compromised username and password of one of its server accounts. The result was a ransomware attack where the threat actor removed photo images on a storage container on that server,” Edge wrote to Ron Kruzeniski, Saskatchewan’s privacy commissioner.
“We are advised by Entourage that the photos were ‘raw’ and likely contained no other identifying information such as associated names, schools, grades, location, or captions. Entourage recently commented that there may have been some metadata associated with the photos depending on the device from which the photos were uploaded. For instance, it is possible that metadata such as time the photo was taken and location of the photo may have been attached to some photos.”
According to Kruzeniski, just over 3,500 images of Saskatchewan students and staff were held ransom by the hackers, affecting people in the Horizon, Living Sky and Prairie Spirit school divisions.
In total, about 400 of the photography company’s clients were affected by the ransomware attack. The largest cache of photos stolen in Saskatchewan came from schools in Muenster and St. Brieux.
Edge, the Canadian photography company, said the attack was limited to its yearbook software service provider Entourage, and did not affect its own internal IT.
Edge told Kruzeniski’s office the images involved in the hack included a lot of candid photos of school events and clubs.
“Schools often upload photos of clubs, events or candid photos that are often included in a yearbook,” Edge told the commission. “Where we are the school photography provider, we do upload photos from the school photography sessions.”
Photos taken by Edge Imaging would have very limited metadata attached, but photos uploaded directly by schools for use in the yearbook, such as those captured by students and parents, could have more detailed information in the metadata, depending on the settings of each individual’s camera, the company said.
In his report, Kruzeniski writes that it’s possible the people in the photos could be identified.
“It is likely that some of the images as described by the school divisions and Edge, if not all, could lead to the identification of the individuals on them based on factors such as race, ethnic origin, age, appearance in a certain location, etc. This would then reveal information that is personal in nature about an identifiable individual. Based on this, I find that there is personal information involved.”
Many of the stolen files were later recovered by Entourage, Kruzeniski says, but given that his office has worked on cases where stolen data was found for sale on the dark web years later, “there are no assurances that the breach was fully contained.”
To read about the school divisions’ response to the privacy breach and Kruzeniski’s recommendations to prevent future breaches, read the full report here.
CTVNews.ca Top Stories
DEVELOPING MPs to vote on Poilievre's motion of non-confidence, as Bloc gives PM Trudeau an ultimatum
Members of Parliament will cast their first confidence vote of the fall sitting on Wednesday, but with it poised to fail, political posturing is already ramping up over future tests of the Liberal minority government.
'She was victimized by a predator': B.C. court reverses transfer of $1.4M townhouse in elder abuse case
A man who "systematically isolated, manipulated, deceived, abused, and exploited" an elderly North Vancouver woman has lost his ownership stake in her home.
Doug Ford says he wants to build a tunnel under Hwy. 401
Ontario Premier Doug Ford says he wants to build a tunnel under Highway 401 that would stretch from Brampton to Scarborough.
Yogurt recalled in Canada over risk of illness
A major yogurt maker is recalling one of its brands in Canada over concerns that it may cause illness in immunocompromised people.
Mortgage changes: Cheaper entry into housing market at steeper costs
Mortgage rule changes allow easier entry into the housing market with lower monthly payments, but also an increased cost of repaying a mortgage.
Amadeus? Amadeus!: Lost childhood manuscript of Mozart discovered in Germany
Careful listeners of Mozart may notice an unfamiliar melody attributed to his childhood works in their streaming feeds this week.
1 in 3 children worldwide is now nearsighted, study shows
More than a third of children around the world were nearsighted in 2023, and this proportion will rise to almost 40 per cent in 2050, according to new research.
Coverage denied: Canadians hitting roadblocks with insurers after installing solar panels on their homes
More Canadians are installing solar panels on their homes, but some are facing challenges when it comes to getting home insurance after the panels are put in.
Pope expels a bishop and 9 other people from a Peru movement over 'sadistic' abuses
Pope Francis took the unusual decision Wednesday to expel 10 people – a bishop, priests and laypeople -- from a troubled Catholic movement in Peru after a Vatican investigation uncovered 'sadistic' abuses of power, authority and spirituality.