Personal info of hundreds compromised by Elgin County cyber-failure

·3 min read

Personal information about more than 300 people, some of it highly sensitive, was compromised by a "cyber-security incident" that knocked out Elgin County's website and email system for nearly a month, its top bureaucrat says.

The disruption — the latest in a recent rash of threats to civic data systems in Southwestern Ontario — forced the county to deactivate its website and email system for most of April and led to the breach of personal and employment information of 330 people, including county employees and five long-term care residents and former residents, Julie Gonyou, Elgin's chief administrative officer, said Friday.

Elgin, like all Ontario counties, operates a home for the aged, Elgin Manor.

“We took our networks down on April 1,” after containing the threat and added more security before resuming operations April 27, Gonyou said.

Days later, officials learned the information made it to the so-called dark web, an area of the Internet accessible only through special browsers that allow users to anonymously share information.

“We were notified by our cyber-security team on May 3, in the afternoon, that files had been dumped on the dark web,” Gonyou said.

"It was one 'dump' of information — with documents that included information about 330 individuals, of which 33 was highly sensitive," the administrator revealed in a follow-up exchange.

The county has not provided any detail about what the "cyber-security incident" was, but Gonyou said it did not appear to be a "ransomware attack.”

“We didn't have to make a payment for a decryption key or anything to that matter or effect,” she said. She declined to comment further on the cause, saying it is still being probed by investigators.

An internal county memo dated March 31, a copy of which was obtained by The London Free Press, said the county hired an external consultant to help fix a “cyber security incident” amid concerns over an increase in spam emails sent to staff containing malicious attachments.

The county notified everyone whose information was compromised, including the 33 people for whom the county was required by law to take that step, Gonyou said. Their compromised data contained "some sensitive personal information, including health card numbers, social insurance numbers and financial information,” she said.

Social insurance numbers and health card numbers can be gateways to identity theft.

Elgin reported the incident to authorities including the Ontario Provincial Police and Ontario's Information and Privacy Commissioner, neither of which immediately responded to Friday's revelations.

Outside legal and cyber-security experts were brought in to investigate, said Gonyou, noting there is “no evidence to suggest that any of that information has been used for criminal activity or anything nefarious.”

A crippling cyber-attack on Stratford's computer systems in 2019 led the city to pay a ransom of more than $75,000 in Bitcoins, a digital currency, and another attack the same year against Woodstock ended up costing the city more than $667,000 even though it never reached out to the hacker or paid a ransom.

Instead, the bulk of the cost came from hiring outside experts and paying staff overtime to help the city dig out from the three-week attack and rebuild its computer networks.

Elgin is offering 12 months of credit protection and identity theft services for those affected by the breach. Officials worked "tirelessly" to resolve the issue and cautioned other organizations and residents to be wary of potential cyber breaches, Gonyou said.

“We've long had robust security measures in place,” she said of Elgin. “But (with) cyber-criminals and those individuals who are undertaking these types of targeted attacks, their tactics are evolving constantly.

Staff and residents are encouraged to report any suspicious activity to police and the Canadian Anti-Fraud Centre, at antifraudcentre-centreantifraude.ca.

cleon@postmedia.com

twitter.com/CalviatLFPress

Calvi Leon, Local Journalism Initiative Reporter, London Free Press

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting