The identities of 400 individuals are already claimed to have been stolen
The government of Quebec has admitted to a data breach potentially impacting around 360,000 teachers employed in the Canadian province.
In an announcement on Friday (February 21), the government said that fraudulent credentials had been used to obtain the identities of individuals who are working, or have worked, as teachers.
Using a stolen username and password, the attackers were able to access a database where the information of teaching professionals was stored.
The database in question also pertains to substitute teachers operating on contracts of 20 days or more, amounting to 360,000 individuals in total.
“The reliability of the Ministère’s computer systems is not at issue,” said the government, which is undertaking its investigation with the Sureté du Quebec (SQ), the province’s police force.
Information potentially disclosed includes first names, last names, Social Insurance Numbers, and dates of birth. If affected, these personal details could amount to identity theft, the government said.
“According to the most recent information, 51,400 people are affected,” the government said. “However, the investigation is still ongoing.”
The data breach was confirmed to the Ministry of Education on Wednesday (February 19).
Impacted individuals can apply for free credit monitoring and will receive letters from the provincial government if their information was disclosed. A dedicated breach hotline has also been set up at +1-877-644-4545.
At the time of writing, the Quebec government reports that an estimated 400 teachers have already claimed to have had their identity stolen as a result of the incident.
Last year, a data breach at the French-Canadian credit union Desjardins affected 4.2 million of its members, prompting calls for reform of Quebec’s data protection rules.