Good Shepherd - NOTICE OF DATA SECURITY INCIDENT
24128207.1
NOTICE OF DATA SECURITY INCIDENT
Good Shepherd regrets to inform you that we were the victims of a data security incident which
impacted our systems on September 27, 2020.
What happened?
An unauthorized user gained access to our IT environment to shut down our systems, but then
quickly facilitated restoration after realizing that Good Shepherd is a non-profit.
What information was involved?
The intruder may have obtained a copy of some personal information, but provided evidence that
any information taken was then destroyed. The personal information affected would vary from
person to person, but may potentially have included some of the following: Social Insurance
Numbers, health card numbers, diagnosis, client case files and banking information. The donor
database used by Good Shepherd containing donor financial information was not affected. We
have not identified any evidence of misuse of information.
What are we doing to help?
Protecting personal information is a top priority for Good Shepherd. Immediately upon learning of
the incident, we took steps to block the unauthorized access and investigate the incident.
Although there were data security safeguards in place at the time of this incident, Good Shepherd
has taken additional steps to further safeguard its systems. We have been advised that there are
currently no indication of compromise within our systems.
We have also reported the incident to the Hamilton Police Service, the Information and the Privacy
Commissioner of Ontario, City of Hamilton, Local Health Integration Network and the Minister of
Children, Community and Social Services.
Why did it take so long to notify you?
We deeply regret what has happened and want to assure you that we have taken this incident
very seriously. Immediately upon learning of the incident, we took steps to block the unauthorized
access. We have been investigating the incident with the assistance of a third party forensic cyber
expert to determine what information may have been accessed and which individuals may have
been impacted. Unfortunately, we have not been able to determine which individuals’ personal
information may have been taken and then destroyed, and as a result are providing this indirect
notice.
24128207.1
What can you do?
As a precautionary measure, you may wish to contact your bank or credit card company if you
have banking or credit card information registered with Good Shepherd, as well as any relevant
government offices to advise them that you may potentially have been affected by this incident.
As always, we recommend you monitor and verify all your bank accounts, credit card and other
financial transaction statements for any suspicious activity.
If you suspect misuse of your personal information, you can obtain a copy of your credit report
from a credit reporting bureau to verify the legitimacy of the transactions listed.
• Equifax at 1-800-465-7166 or www.equifax.ca
• TransUnion at 1-800-663-9980 or www.transunion.ca
If you are concerned that you may be a victim of fraud, you may request these bureaus place a
fraud alert on your credit files instructing creditors to contact you before opening any new
accounts.
If you suspect misuse of your health card number, you can report suspected cases of fraud by
calling the Ministry of Health and Long-Term Care at 1-888-781-5556 or e-mail at
[email protected].
You may also wish to review this publication from the Information and Privacy Commissioner of
Ontario, Identity Theft: A Crime of Opportunity
Finally, we remind you of your right to make a complaint to the Information and Privacy
Commissioner of Ontario (the “IPC”). To contact the IPC click here.
For more information:
We apologize for any concern this incident may cause and assure you that we are committed to
continually enhancing our security and providing ongoing training to our employees to be aware
of cybersecurity risks. Please do not hesitate to contact us if you have any questions.
For further information regarding how this incident impacts you and for contact information, we
invite you to email [email protected]
NOTICE OF DATA SECURITY INCIDENT
Good Shepherd regrets to inform you that we were the victims of a data security incident which
impacted our systems on September 27, 2020.
What happened?
An unauthorized user gained access to our IT environment to shut down our systems, but then
quickly facilitated restoration after realizing that Good Shepherd is a non-profit.
What information was involved?
The intruder may have obtained a copy of some personal information, but provided evidence that
any information taken was then destroyed. The personal information affected would vary from
person to person, but may potentially have included some of the following: Social Insurance
Numbers, health card numbers, diagnosis, client case files and banking information. The donor
database used by Good Shepherd containing donor financial information was not affected. We
have not identified any evidence of misuse of information.
What are we doing to help?
Protecting personal information is a top priority for Good Shepherd. Immediately upon learning of
the incident, we took steps to block the unauthorized access and investigate the incident.
Although there were data security safeguards in place at the time of this incident, Good Shepherd
has taken additional steps to further safeguard its systems. We have been advised that there are
currently no indication of compromise within our systems.
We have also reported the incident to the Hamilton Police Service, the Information and the Privacy
Commissioner of Ontario, City of Hamilton, Local Health Integration Network and the Minister of
Children, Community and Social Services.
Why did it take so long to notify you?
We deeply regret what has happened and want to assure you that we have taken this incident
very seriously. Immediately upon learning of the incident, we took steps to block the unauthorized
access. We have been investigating the incident with the assistance of a third party forensic cyber
expert to determine what information may have been accessed and which individuals may have
been impacted. Unfortunately, we have not been able to determine which individuals’ personal
information may have been taken and then destroyed, and as a result are providing this indirect
notice.
24128207.1
What can you do?
As a precautionary measure, you may wish to contact your bank or credit card company if you
have banking or credit card information registered with Good Shepherd, as well as any relevant
government offices to advise them that you may potentially have been affected by this incident.
As always, we recommend you monitor and verify all your bank accounts, credit card and other
financial transaction statements for any suspicious activity.
If you suspect misuse of your personal information, you can obtain a copy of your credit report
from a credit reporting bureau to verify the legitimacy of the transactions listed.
• Equifax at 1-800-465-7166 or www.equifax.ca
• TransUnion at 1-800-663-9980 or www.transunion.ca
If you are concerned that you may be a victim of fraud, you may request these bureaus place a
fraud alert on your credit files instructing creditors to contact you before opening any new
accounts.
If you suspect misuse of your health card number, you can report suspected cases of fraud by
calling the Ministry of Health and Long-Term Care at 1-888-781-5556 or e-mail at
[email protected].
You may also wish to review this publication from the Information and Privacy Commissioner of
Ontario, Identity Theft: A Crime of Opportunity
Finally, we remind you of your right to make a complaint to the Information and Privacy
Commissioner of Ontario (the “IPC”). To contact the IPC click here.
For more information:
We apologize for any concern this incident may cause and assure you that we are committed to
continually enhancing our security and providing ongoing training to our employees to be aware
of cybersecurity risks. Please do not hesitate to contact us if you have any questions.
For further information regarding how this incident impacts you and for contact information, we
invite you to email [email protected]
