By Rosalind Russell – The Rainbow District School Board says personal data was stolen from their network during a cyber incident, which occurred on February 7th resulting in a shutdown of the system, and a subsequent investigation.
Yesterday, the board released information that all staff members currently employed by them as well employees between January 2010 and February 2025 are compromised including bank account numbers, social insurance numbers, employee benefits, addresses and more.
The board will provide a two-year TransUnion® credit monitoring service, free of charge, to all current and former staff to monitor for signs of identity theft.
Students’ information has also been compromised including personal health data and social insurance numbers.
The board says the cyber crime has been reported to the Greater Sudbury Police Service and the OPP, and the investigation continues.
NOTIFICATION TO CURRENT AND FORMER EMPLOYEES
All staff members currently employed by Rainbow District School Board as well as individuals who worked for the Board between January 2010 and February 2025 are affected. This includes full-time, part-time and occasional staff.
If you are in this group, the personal information that was compromised includes some or all of the following:
address and primary phone number (2010 onward)
social insurance number (2012 onward)
bank account number (August 2017 onward)
Employee ID/compensation and benefit information/ Ontario Ministry Educator Number (for teachers only) and police background check information (September 2018 onward)
For some current and former employees, the stolen data also includes:
medical information (2022 onward) such as doctor notes, physical abilities forms and leaves of absence forms
Should you experience fraud that you believe to be linked to this cyber incident, please report it immediately to Rainbow District School Board at cyberincident@rainbowschools.ca.
Credit Monitoring
Rainbow District School Board will provide a two-year TransUnion® credit monitoring service, free of charge, to all current and former staff whose personal information was compromised. This service will help you monitor for signs of identity theft for fraudulent purposes so that you can react swiftly to protect yourself.
Current staff members will receive further information about the credit monitoring service via their work email address. The Board will mail this information to current staff who do not have reasonable access to a work email and to former employees who worked for the Board between January 2010 and February 2025.
This notice will be posted on the board’s website – rainbowschools.ca – to reach as many former employees as possible. We recognize that some individuals may have moved, and our contact information may not be accurate. Please email cyberincident@rainbowschools.ca if your address changed after leaving the board.
NOTIFICATION TO STUDENTS AND PARENTS/GUARDIANS
This incident affects students and parents/guardians from 2011 to 2025 as outlined below:
| Group | Information likely compromised |
| All students who graduated from Rainbow Schools from June 2012 to June 2024. | Date of birth, gender, home address, parent/guardian names and contact information, academic achievement data (grades and completion data), Ontario Education Number (OEN). (Compromised data for some members of this group includes medical provider’s identity, medical information, and immigration information.) |
| Current and former students with an identified exceptionality who have been enrolled in an Intensive Support Program (ISP) in Rainbow Schools since 2019. | Compromised data includes being identified with an exceptionality, assessment information, medical diagnosis, and information about related needs, including accommodation and student support information, behavioural information and health card number. |
| Parents or guardians of the students belonging to the groups identified above. | Contact information (including phone numbers, home addresses and email addresses), and place of employment. |
| Former students who were enrolled in a Rainbow School since 2011 who received a scholarship and T4A for income tax purposes. | Social insurance number. * |
| School photos from the 2012-2013 school year to and including the 2024-2025 school year without student names. | There are no personal identifiers (i.e. student names) attached to the school photos, images of students only. |
* Rainbow District School Board is providing affected scholarship recipients whose social insurance number has been compromised and who have reached the age of majority with a two-year TransUnion® credit monitoring service, on request, at no charge. This service monitors for signs of identity theft so that individuals can react in the event of data use for fraudulent purposes. Please email cyberincident@rainbowschools.ca to request the credit monitoring service.
Please note: Impacted scholarship recipients who are currently below 18 years of age are not eligible for credit monitoring.
How can I protect myself?
If you are eligible for credit monitoring, we strongly encourage you to sign up. It is the best way to protect yourself against identity theft.
Regularly check your bank accounts and credit card statements for unauthorized transactions and take immediate action.
Learn how to spot the signs of scams, including suspicious emails and phishing attempts.
What’s next?
Our investigation with third party experts is ongoing and we will provide further notifications, as required.
Where can I find more information?
Rainbow District School Board will continue to provide updates on the Board website at rainbowschools.ca.
Submit News Tip
