In what’s becoming an increasingly troubling development for Toronto families, student information stolen during the PowerSchool data breach hasn’t been deleted, despite the Toronto District School Board paying a ransom. As someone who’s covered Toronto’s education sector for years, I find this situation particularly concerning for our community.
Yesterday afternoon, TDSB officials confirmed that sensitive student data remains accessible online even after financial demands were met. The board initially hoped paying the ransom would secure the deletion of stolen information, which includes names, addresses, emergency contacts, and health details for thousands of students across the city.
“We’re deeply troubled that despite following the recommended protocols, student information remains compromised,” said TDSB spokesperson Shari Schwartz-Maltz during an emergency press conference. “Our primary concern remains protecting our students and their families.”
This breach, first discovered in early April, affected PowerSchool’s systems – the digital platform used by numerous Ontario school boards to manage student information. The hack exposed data for approximately 75,000 Toronto students, creating significant anxiety among parents across the city.
I spoke with cybersecurity expert David Masson from Darktrace, who explained why ransom payments often don’t resolve these situations. “Cybercriminals rarely honor their promises. Once they have your money, there’s little incentive to delete valuable data they can continue to leverage or sell elsewhere.”
The breach has prompted immediate action from provincial authorities. Ontario’s Information and Privacy Commissioner has launched a formal investigation, while the Ministry of Education has established an emergency response team to support affected school boards.
For Toronto parent Anita Sharma, whose two children attend Riverdale Collegiate, the ongoing exposure feels violating. “We received notification about the breach, then an update that it was being handled, and now this. It’s exhausting constantly worrying about who has access to my children’s personal information.”
The TDSB has established a dedicated support line (416-395-HELP) for affected families and is offering complimentary credit monitoring services. They’re also working with cybersecurity experts to determine what additional measures might help protect exposed information.
Local cybersecurity attorney Carole Piovesan told me this case highlights a growing problem for public institutions. “School boards find themselves in an impossible position – they’re responsible for protecting sensitive data but often lack the sophisticated cybersecurity infrastructure of private corporations.”
The incident raises serious questions about data protection policies across Ontario’s education system. The province committed $25 million last year to upgrading digital security across school boards, but clearly, vulnerabilities remain.
For Toronto families seeking guidance, the TDSB recommends monitoring financial accounts for unusual activity, changing passwords for any accounts that might share credentials with school systems, and being particularly vigilant about phishing attempts that might reference student information.
As this situation develops, I’ll continue providing updates on protection measures and resources available to affected Toronto families. This breach serves as a stark reminder that in our increasingly digital education landscape, cybersecurity deserves as much attention as traditional safety concerns.
