Emergency Notification: Cyber Security Incident Updates

January 17, 2025

Notice of Incident December 19, 2024

Dear Pembina Trails Community, and in particular, former students and staff,

As we informed our community on December 2, 2024, Pembina Trails School Division experienced a cyber security incident. Our priorities have been to minimize the impact on learning and safeguarding our student’s and staff’s information.

We engaged professionals to help us investigate and restore our systems. Through our ongoing investigation, we learned that the database containing student information was accessed and the database containing payroll information could have been accessed by an unauthorized third party in the days preceding December 2, 2024.

Information specific to students

The student database generally contains information about students attending Pembina Trails School Division since 2014. Our student database contains name, date of birth, gender, address, parent or guardian contact information, most recent school photo (no other photos are kept on this database), and personal health identification number. For some students, it also contains health concerns or medical alerts, immigration information, and name of previous educational institution. We do not store financial information on our student information system, and any financial information for international students is stored on a distinct system that was not involved in this incident.

You should remain cautious, as always, when receiving emails, mail, text messages or phone calls that appear to come from Pembina Trails School Division or claim to be related to this incident or about your child. Be particularly vigilant about communications requesting personal information, those containing hyperlinks or any message that seems unusual. Consider speaking to your children about exercising similar precautions when they receive texts, phone calls or email. For additional support visit getcybersafe.gc.ca

Information specific to staff

The payroll database generally contains information about Pembina Trails School Division staff since 2009. Not all former staff from that period have information stored on the database and any staff whose information was in the database are being contacted by email or mail. Our payroll database contains name, date of birth, gender, address, phone number, compensation information, bank account information, and social insurance number. While we have no evidence that the contents of the payroll database were actually accessed, out of an abundance of caution, we are notifying and offering 36 months of credit monitoring service at no cost to current and former staff whose information was in that database.

If you have not received a letter by January 15, 2025, please contact us using this form and further information on how to protect yourself can be found here. If you are current staff, please refer to the notice you received at your Pembina Trails email address.

We are committed to safeguarding all personal information we hold. Upon becoming aware of the incident, we engaged third-party cyber security professionals to help us investigate and we took steps to contain the incident, such as taking systems offline and progressively restoring them in a secure manner. In addition to notifying individuals as described above, we also notified law enforcement and the Manitoba Ombudsman.

We deeply regret that this incident occurred. We find it appalling that an organization dedicated to the education and safety of children should be the focus of this kind of criminal activity. Should you have any questions, please contact our privacy officer using this form.

Update December 30, 2024

Pembina Trails IT department is working through the thousands of desktop and laptop computers at the division’s 36 schools and administration buildings. Each unit is being checked for malware and loaded with a top performing security tool. School systems such as PA and phones have been restored. The team is continuing to work on restoring printers.

The investigation into the cyber security incident is ongoing.

Questions and Answers

This Q & A provides supplemental information to the notice above about the incident. If you have a question, you may contact our privacy officer using this form.

About the incident

What happened?
On December 2, 2024 we experienced a cyber security incident that resulted in unauthorized access to our systems. We are investigating and working to contain the incident.
Who did this and for what purpose?
Unfortunately, organizations across the public and private sectors have been repeatedly targeted by cyber criminals. Cyber criminals of this nature are not looking for specific information about specific individuals. Generally their motive is to disrupt operations.
How did it happen?
We are still investigating to determine the full scope of this incident.
How did you respond to the incident?
Upon discovering the incident, we immediately launched an investigation and engaged third-party cyber security professionals to contain the incident and determine its scope.
How long will the investigation take?
The investigation may take some time, perhaps months. We will keep the Pembina Trails community updated throughout this process.
Has the incident been resolved?
We are still working to restore all our systems.

About the response

How long will it take for you to recover?
It is difficult to commit to timelines at this stage, but we are committed to sparing no efforts to minimize the impact on learning and to restore our systems in a secure and timely manner.
Is it safe to connect devices to the school network?
We are restoring systems in a secure and timely manner. Devices are tested and reinforced before being brought back online and being able to connect. We regret any inconvenience caused by this and reiterate our commitment to minimize the impact on learning and safeguarding our student’s and staff’s information.
What are you doing to make sure this doesn’t happen again?
We take the security of personal information in our care seriously. We will continue to make this a priority. We have re-secured our network, and devices are being tested and reinforced before being brought back online and being able to connect.
Has law enforcement been notified?
Yes. We notified law enforcement.
Has the Manitoba Ombudsman been notified?
Yes. We notified the Manitoba Ombudsman.

About the impact

How has this affected learning?
Some of our systems continue to be offline and we are temporarily resorting to alternative processes. However, schools are open, and classes are running, albeit with some adjustments. Our digital learning tools have been affected, but teachers have pivoted to non-digital materials and classes continue to run without interruptions.
How has this affected payroll?
While our payroll system was temporarily taken offline for the investigation, we identified an alternative way of processing payment to ensure everyone continues to be paid.
How is this going to affect report card issuance?
Schools are continuing to issue report cards and have communicated directly with their parents/guardians if the date of issue is postponed. Tests and exams will continue as normal.
Why did this happen to Pembina Trails School Division?
Unfortunately, organizations across the public and private sectors have been repeatedly targeted by cyber criminals, and our incident is one of many. We have no reason to believe our organization was targeted specifically.

About the data

Has data been lost?
We are still working to restore our systems and to determine the full scope of this incident, allowing us to make that assessment.
Has data been accessed?
As of today, we are still investigating to determine the full scope of this incident, allowing us to make that assessment. Through our ongoing investigation, we learned that the database containing student information was accessed and the database containing payroll information could have been accessed by an unauthorized third party in the days preceding December 2, 2024.
Is my adult child’s information in the database and are you contacting them?
If they attended a school in Pembina Trails School Division at any time from 2014 to December 2, 2024, their information is in the database that was accessed. We have tried to notify former students by sending a message to the most recent email address on file, which is likely their parent or guardian, and are also reaching out through print and social media advertising. If you received a notice on behalf of your adult child, please encourage them to visit the website.
Why am I being contacted about my adult child who previously attended a school in Pembina Trails School Division?
We have tried to notify former students by sending a message to the most recent email address on file, which is likely you as their parent or guardian, and are also reaching out through print and social media advertising. If you received a notice on behalf of your adult child, please encourage them to visit the website.
Has data been posted online or leaked?
No. Our experts continue to watch for this, and we have not identified any data leaked or published.
Why do you retain a student photo in your database?
We collect the photo taken at the beginning of each year. We only keep the most recent photo. The photos are maintained for school identification and safety reasons.
How long will it take until I find out if my information was lost, taken or accessed?
We are still investigating to determine the full scope of this incident, allowing us to make that assessment. If we determine that personal information was taken, we will contact individuals as appropriate.