5 Cyberattacks on Canadian Schools in 2025

Cybercriminals are increasingly targeting schools across Canada, exploiting outdated systems and limited cybersecurity budgets. These attacks don’t just disrupt education—they expose sensitive data, impact families, and reveal vulnerabilities that could affect any organization. Here are five notable incidents from 2025 that highlight the growing threat to the education sector.

1. PowerSchool Breach Hits Over 80 School Boards

In late December 2024, a breach at PowerSchool—a widely used student information system—compromised data from over 80 school boards across Canada. The attack exposed personal details of more than 2.7 million students, including names, birthdates, addresses, and even social insurance numbers. School boards in Alberta, Ontario, Manitoba, and Nova Scotia were among those affected. The attacker, a university student from Massachusetts, was later sentenced to four years in prison for cyber extortion.

2. Calgary and Rocky View Schools Breached

The Calgary Board of Education and Rocky View Schools were notified in January 2025 of unauthorized access to student and staff data through PowerSchool. While financial data wasn’t compromised, demographic information was exposed. Both districts took immediate steps to contain the breach, reset passwords, and notify affected families. The incident raised serious questions about third-party software security in education.

3. Hamilton-Wentworth District School Board Disruption

In January 2025, the Hamilton-Wentworth District School Board experienced a cyberattack that disrupted IT systems across multiple schools. The breach affected communications and access to digital learning tools, forcing staff to revert to manual processes. This incident highlighted how even mid-sized school boards are vulnerable to operational paralysis from cyber threats.

4. Limestone District School Board Targeted

In April 2025, the Limestone District School Board in Ontario reported a cyber incident that disrupted network access and communications. The board issued public notices and worked with cybersecurity experts to investigate and restore services. The attack was part of a broader trend of ransomware targeting school districts with limited IT resources.

5. Cape Breton-Victoria Regional Centre for Education Impacted

Nova Scotia’s Cape Breton-Victoria Regional Centre for Education was among the school boards affected by the PowerSchool breach. The full scope of the data exposure remains unclear, but provincial authorities confirmed that the K–12 education system was compromised. This incident emphasized the need for stronger provincial oversight and cybersecurity standards in education.

Final Thoughts

These breaches are a stark reminder that schools are not immune to cyber threats. For business owners, especially those in tech, education, or public services, these incidents underscore the importance of vetting third-party vendors, investing in cybersecurity infrastructure, and preparing for the ripple effects of digital disruptions.