It's the call no school portrait company wants to get: There's been a data breach at one of your client schools... and the culprit was one of your third-party vendors. But that's what happened to Canada's Edge Imaging earlier this year, in a case that got widespread regional media coverage.
In this incident, Edge Imaging was notified that one of its third-party web-based software service providers had a cyber incident on its Canadian AWS cloud server where images from 2022/23 and 2023/24 yearbooks may have been accessed in early February. Parents were contacted two days later. According to the report, the criminals stole an undisclosed number of student images, including roughly 160 from four schools in Calgary, following a data breach.
Following notification from the Calgary Board of Education (CBE), parents were concerned and told their story to Global News. The CBE said it had been assured no identifying information had been accessed, and Edge was taking the appropriate steps.
The CBE said it had been assured no identifying information had been accessed and Edge was taking the appropriate steps to find out what happened and how.
“Cyber risk is a very present threat to all companies, but especially in the school photography and yearbook businesses due to the precious nature of the images we capture," said Jim Agnew, CEO, Edge Imaging, in a statement. "It requires us all to reject the notion of inevitability and underscores the vital need for proactive measures and rigorous stress-testing for ourselves, and our third-party vendors. There are tools and experts we can and need to tap into before a problem arises. Let's work to uphold the highest privacy and security standards, fortifying our industry through this unwavering commitment. Together, we will ensure our collective success.”
Cyber security experts note, that while most volume photography companies have policies to protect them from breaches on their systems, third-party insurance is necessary to protect firms from breaches on other networks.