More than a month after a “cyber security incident” shut down its internet services – from April 1, 2022 to April 27, 2022 – the County of Elgin Friday reported that the “personal information” of at least 340 people was stolen and posted on the ‘dark web’.
“While the investigation is ongoing, evidence shows that an unauthorized third party gained access to files containing personal information belonging to: some current and former staff of the County of Elgin; and some current and former residents of Elgin’s three Long-Term Care Homes,” according to prepared messages in a statement issued by the County at 1:32 p.m. on Friday.
“For those individuals impacted by a sensitive personal breach, free credit monitoring and identity theft protection will be provided,” the prepared statement continues. “The County of Elgin has no evidence to suggest that personal information was used to commit fraud or identity theft as a result of this incident.
“However, we do recommend that you remain vigilant and report any suspicious activity related to your personal information while the forensic audit is ongoing,” the statement adds.
“At this point in our investigation, there is no evidence to show that general members of the public were impacted by the County’s data breach.”
Notifications of the information breach were sent to victims today by email and snail-mail.
The County believes it “has contained and remediated the cyber incident,” and is co-operating with an Ontario Provincial Police (OPP) investigation, with the help of “external cybersecurity experts.”
The Canadian Centre for Cyber Security (CCCS) states that organizations of all sizes, including small- and medium-sized enterprises, municipalities, universities, and critical infrastructure providers, face a growing number of cyber threats.
CCCS said criminals are interested in these organizations’ assets, such as intellectual property, financial information and payment systems, data about customers, partners and suppliers, and industrial plants and machinery.
Closer to home, the City of Stratford paid $75,000 to resolve a ransomware attack in April 2019. Later that year, the City of Woodstock spent $667,000 to fix a three-week cyber attack.
Those recent experiences raised some concerns locally when Elgin County’s websites were shut down.
“It seems that the County was unprepared in today’s world of ransomware and cyber security hacking,” said Terry Campbell, a Port Stanley resident. “And slow in advising the public, thereby further exposing taxpayers and clients.”
Another Port Stanley resident Andrew Sloan said: “If you’re trying to get a building permit or for most municipal services you are directed to the website. For someone like me, trying to get a land severance, the County site was down for more than a month which makes the process a difficult one. Staff did their best to accommodate, which I appreciate, but projects like mine will be delayed as a result.”