Cyber Risks in Schools, Businesses, and Beyond

Hello Scamstallers,

When you’re a parent, you expect school emails to be about snow days or reminders for permission slips—not full-blown cybersecurity disasters. But here we are, diving into a cyber mess that makes cafeteria food look gourmet. Who knew school IT drama could outshine a PTA meeting?

In today’s Scamstall Signal:

• PowerSchool’s data breach: A global school software nightmare

• Ontario cyber incident exposes decades of student data

• Medicare prescription drug scams targeting seniors

• Balancing cybersecurity and business priorities

Let’s get into it.

POWERSCHOOL
PowerSchool Data Breach Hits Calgary Schools (and Beyond)

The Rundown: It seems even report cards aren't safe from cybercriminals. On January 7, 2025, the Calgary Board of Education (CBE) notified families of a cybersecurity incident involving PowerSchool, the student information system. The breach exposed sensitive data from students and staff, impacting schools across Alberta and beyond.

The details:

• PowerSchool confirmed that the breach occurred via a compromised credential in their PowerSource customer portal.

• Data from Alberta, Ontario, Newfoundland, and Nova Scotia schools was impacted.

• Compromised data varies but includes student health card numbers, addresses, and birthdates.

• PowerSchool claims the breach is contained, with no evidence of malware or further misuse.

Why it matters: A breach affecting children’s data is particularly concerning. Kids aren’t monitoring their credit scores—yet. Parents are advised to closely monitor their children’s personal information and consider identity theft protection services.

SCAM Framework Tips:

• Stop and Think: Avoid sharing additional personal information while details are still unclear.

• Check the Source: Verify emails from schools claiming to address the breach.

• Monitor for Red Flags: Watch for unusual activity in your child’s name.

For updates, contact CBE’s Office of Privacy Commissioner at [email protected].

ONTARIO

Ontario Schools Hit by Cyber Incident Affecting Decades of Data

The Rundown: In Toronto, the data breach extended its reach, exposing records from students as far back as 1985. The Toronto District School Board reported that sensitive information, including medical records and principal notes, may have been accessed.

The details:

• 19 school boards across Ontario are impacted, with varying degrees of data exposure.

• The federal Privacy Commissioner expressed concern about the breach’s implications for student privacy.

• Boards are working with PowerSchool to notify affected families and mitigate risks.

Why it matters: This breach underscores systemic vulnerabilities in managing student data. With personal details spanning decades, even alumni could face risks. Organizations must prioritize robust safeguards for sensitive information.

Source: Cyber incident at Ontario’s largest school board involves data going back to 1985 | Globalnews.ca

SENIOR SCAMS

Medicare Drug Cap Scams Target Seniors

The Rundown: Seniors in New York are being targeted by fraudsters exploiting Medicare’s new $2,000 annual cap on out-of-pocket prescription costs. These scammers are posing as Medicare agents offering “benefit activation” for a fee.

The details:

• Common scams include unsolicited calls requesting Medicare or bank information.

• Fraudsters may claim upfront payments are required to access benefits.

• Legitimate Medicare programs never charge for benefit access or require additional cards.

How to protect yourself:

• Never share personal information over the phone unless you initiated the call.

• Review Medicare statements for suspicious charges.

• Report fraud to the NYS Medicare Fraud Helpline: 800-333-4374

Source: Medicare Prescription Drug Cap Scams

CYBERSECURITY PRIORITIES

Balancing Cybersecurity and Competing Business Priorities

The Rundown: The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights growing challenges for organizations navigating cyber risks amid resource constraints. Smaller businesses report struggling to keep up, while larger organizations pull ahead in resilience.

The details:

• 35% of small organizations feel their cyber resilience is inadequate, a sevenfold increase since 2022.

• Supply chain vulnerabilities top the list of cyber risks, compounded by geopolitical tensions.

• Despite recognizing AI’s transformative potential, only 37% of organizations assess the security of AI tools before deploying them.

Why it matters: Cyber threats are evolving rapidly, with attackers leveraging tools like generative AI to lower costs and increase attack scope. Businesses must adopt a security-first mindset and prioritize collaboration across industries to address shared vulnerabilities.

SCAM Framework Tips:

• Stop and Think: Assess risks before adopting new technologies.

• Check the Source: Verify the reliability of AI tools and vendors.

• Avoid Greed Traps: Be wary of too-good-to-be-true solutions promising quick fixes.

• Monitor for Red Flags: Continuously review and adapt cybersecurity strategies.

Source: Balancing cybersecurity and competing business priorities - Insurance Portal

REGULATORY PERSPECTIVES

 CRITICAL REGULATORY PERSPECTIVES

Here are trusted resources to help you navigate today’s issues:

1. Canadian Anti-Fraud Centre: For fraud prevention tips and reporting scams. Visit here.

2. FTC (U.S.): Comprehensive guidance on spotting Medicare-related scams. Learn more.

3. Office of the Privacy Commissioner of Canada: Reporting and updates on data breaches. Explore resources.

That’s all for today, Scamstallers. As always, stay vigilant, question the improbable, and protect your digital and personal live.

With vigilance

Andrew