Student Transportation Services of Central Ontario (STSCO) would like to provide the public with an update on the measures the organization has taken to improve its data security and implement recommended changes to its information technology practices following a data breach on Feb. 7, 2018.
As reported previously, while posting an update regarding bus operator negotiations on Facebook and Twitter on Feb. 7, 2018, STSCO staff inadvertently posted an internal staff training document. This document contained a link that allowed access to student contact and busing information.
As soon as STSCO learned of the issue, which was within hours of the posting, we removed the postings and closed access to the database. We were able to identify a small number of files where private information (e.g. date of birth, address and busing information) was accessed. This access of information was limited to several individuals who were notified directly about the issue.
At the request of the Kawartha Pine Ridge District School Board and the Peterborough Victoria Northumberland and Clarington Catholic District School Board, an outside security consultant was hired to conduct a thorough review of STSCO’s data security processes.
That security audit has been completed. Overall, the consulting firm determined that STSCO was observing a number of best practices with respect to data security and found the organization faced a “moderate risk” of unauthorized access to its internal network, comparable to similar size and type organizations.
With the assistance of the local school Boards, STSCO is now working to implement a series of short, medium and long-term recommendations. These recommendations include enhancing software and technology, improving internal processes with respect to password protections and conducting regular internal and external security assessments.
At STSCO, we take our responsibility to maintain the privacy and security of student information very seriously and we are committed to implementing the above recommendations to ensure our processes remain secure now and into the future.