Fern Hill Ottawa Email Breach – April 5, 2022
Dear Fern Hill Parents, Vendors, Staff, Students and Alumni,
Some of you may have received a fraudulent email yesterday that was sent out to many parents, alumni, staff and vendors of Fern Hill. We have concluded our investigation into the matter and are sending you this email to help answer any questions you may have.
At approximately 2:21PM EST on Friday, August 5, 2022, our mail system detected a malicious actor originating in Chicago, IL attempting to gain access to the firstname.lastname@example.org email address. While the attempt was successful, the intrusion detections we have in place disabled the account quickly, but not before the actor was able to, at 2:41PM, generate and send four identical fraudulent emails with a subject line “Business Proposal” to all parents, teacher’s personal email addresses and vendors (past and present). In total there were 983 recipients being addressed and at this time, it is unclear how many of those were delivered successfully to recipients, as they were flagged as spam and may have been rejected before getting delivered.
In addition to sending fraudulent emails, the actor did manage to preview five random files, none of which contained any personal information about any parents, students or staff of Fern Hill School, past or present.
Due to the nature and speed of the attack, it has been determined that this attack was performed by a bot and not by a human. There is no indication that any other emails were viewed nor that any other data was obtained.
What do I need to do?
If you have received an email entitled “Business Proposal” from email@example.com, delete the email immediately. If you have clicked on a link or opened a document in the email, please reset your email password as soon as possible. If you did not click the link, then you are not affected by this phishing scam and no action is required by you.
What are we doing?
Fern Hill is taking this breach very seriously and has immediately begun to increase security protocols for all staff. The following actions are being taken:
- All accounts for staff will have their passwords reset before the start of the school year
- All accounts for students will have their passwords reset before the start of the school year
- All accounts for staff will begin to require multiple factor authentication within the first few weeks of the start of the school year
Fern Hill School takes your privacy and the privacy of our students very seriously and are aware that you may have further questions about Friday’s email breach. If you would like additional information, please feel free to contact me via email (firstname.lastname@example.org) or phone (613-746-0255).
Thank you for your patience,