You are currently viewing Personal information of hundreds of people compromised by Elgin County cyber failure

Personal information of hundreds of people compromised by Elgin County cyber failure

The personal information of more than 300 people, some of them highly sensitive, has been compromised in a “cybersecurity incident” that crippled Elgin County’s website and messaging system for nearly a month, its official said. chief bureaucrat.

Content of the article

The personal information of more than 300 people, some of them highly sensitive, has been compromised in a ‘cybersecurity incident’ that crippled Elgin County’s website and messaging system for nearly a month, according to its most senior bureaucrat.

Advertisement 2

Content of the article

The disruption — the latest in a recent wave of threats to civic data systems in southwestern Ontario — forced the county to disable its website and messaging system for most of April and led to the breach of personal and business information of 330 people, including county employees. and five long-term care residents and former residents, Julie Gonyou, Elgin’s chief administrative officer, said Friday.

Elgin, like all counties in Ontario, operates a seniors’ home, Elgin Manor.

“We shut down our networks on April 1,” after containing the threat and adding more security before resuming operations on April 27, Gonyou said.

A few days later, officials learned that the information had reached the so-called dark web, an area of ​​the Internet accessible only through special browsers that allow users to share information anonymously.

“We were informed by our cybersecurity team on May 3, in the afternoon, that files had been dumped on the dark web,” Gonyou said.

“It was a ‘dumpster’ of information – with documents containing information on 330 people, 33 of whom were highly sensitive,” the administrator revealed in a follow-up exchange.

The county did not provide any details about what the “cybersecurity incident” was, but Gonyou said it was not a “ransomware attack”.

“We didn’t have to make any payment for a decryption key or anything like that,” she said. She declined to comment further on the case, saying it was still being investigated by investigators.

Advertisement 3

Content of the article

An internal county memo dated March 31, a copy of which was obtained by the London Free Press, said the county had hired an external consultant to help resolve a “cybersecurity incident” amid concerns over a increase in spam emails sent to staff containing malicious attachments. .

The county has notified everyone whose information has been compromised, including the 33 people for whom the county was required by law to take this action, Gonyou said. Their compromised data contained “sensitive personal information including health card numbers, social insurance numbers and financial information,” she said.

Social insurance numbers and health card numbers can be gateways to identity theft.

Elgin reported the incident to authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner of Ontario, who did not immediately respond to Friday’s revelations.

Outside legal and cybersecurity experts were brought in to investigate, Gonyou said, noting that there is “no evidence to suggest that any of this information was used for criminal activity or anything of that nature.” harmful”.

A crippling cyberattack on Stratford’s computer systems in 2019 led to the city paying a ransom of more than $75,000 in Bitcoins, a digital currency, and another attack the same year on Woodstock ended up costing the city more than $667,000 even though she never reached the hacker or paid a ransom.

Instead, the bulk of the cost came from hiring outside experts and paying staff overtime to help the city emerge from the three-week attack and rebuild its computer networks.

Advertisement 4

Content of the article

Elgin is offering 12 months of credit and identity theft protection services to those affected by the breach. Officials have worked “tirelessly” to resolve the issue and have warned other organizations and residents to beware of potential cyber breaches, Gonyou said.

“We have had strong security measures in place for a long time,” she said of Elgin. “But (with) cybercriminals and individuals undertaking these kinds of targeted attacks, their tactics are constantly evolving.

Staff and residents are encouraged to report suspicious activity to the police and to the Canadian Anti-Fraud Center at antifraudcentre-centreantifraude.ca.

cleon@postmedia.com

twitter.com/CalviatLFPress

The Local Journalism Initiative is funded by the Government of Canada

Advertisement 1

comments

Postmedia is committed to maintaining a lively yet civil discussion forum and encourages all readers to share their views on our articles. Comments can take up to an hour to be moderated before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread you follow, or if a user follows you comments. See our Community Guidelines for more information and details on how to adjust your email settings.

Leave a Reply