The Durham District School Board says an employee clicking on a phishing email set off the November cyber incident that shut down virtual classes for several days.

Areport trustees detailed the final findings of the board's investigation into the incident, which found that no student or employee information was accessed or stolen.

"The DDSB network was compromised by malware that was introduced through a phishing email message sent to a DDSB employee," explained the report.

"Once the malware was embedded, it moved laterally through the network, eventually compromising administrator accounts, which enabled the originator to encrypt much of the network," the report continued. "The cyber incident highlighted a number of areas of improvement required in the security and network operations of the DDSB. Significant progress has been made fortifying the DDSB network, and efforts in this regard will be ongoing."

Additional security measures including multi-factor authentication have been implemented. The board's network and associated data were mostly restored using backups, and no further evidence of continued or additional malicious activity has been found.