Hackers leak police takedown video, medical records in Durham Region breach: CTV News Toronto investigation
Hackers leak police takedown video, medical records in Durham Region breach: CTV News Toronto investigation
Jon Woodward
Jon Woodward
CTV News Toronto Videojournalist
@CTV_Jon Contact
Published Tuesday, October 19, 2021 6:45PM EDT
Last Updated Tuesday, October 19, 2021 7:04PM EDT
Volume 90%
Durham data breach larger than previously known
NOW PLAYING A CTV News Toronto investigation has discovered that a data breach at Durham regional government is much larger than previously known.
SHARE:
Share3 Reddit
TORONTO -- A CTV News Toronto investigation has discovered that a data breach at the Durham Regional government is much larger than already known, including medical reports, complaints about medical treatment, and potential evidence in a criminal case.
That data, including security camera video that shows a man’s arrest on a Durham Regional Transit bus by Toronto Police officers, is the kind of thing that should have been encrypted to protect privacy in case of a hostile cyberattack, says Ontario’s former information and privacy commissioner, Ann Cavoukian.
“It is astonishing to me,” Cavoukian said in an interview, pointing to an order she made back in 2010 to Durham region to encrypt some portable medical data after an employee lost a USB stick.
Related Stories
Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
Durham told to encrypt health data on mobile devices
“The value of encryption is enormous. In this case, when you’re talking about someone hacking, it doesn’t matter what the cause of the interception is, if you encrypt the data, especially sensitive health data, then you’ve protected it from the beginning,”
Durham Region has said they were a victim of a cybersecurity incident, which occurred through a third-party software provider. Several gigabytes of its data was posted online by a group called CLOP. Members of that group were arrested this summer in Ukraine.
At the time, police there said the group’s worldwide ransomware attacks included several Canadian companies, costing its victims around $500 million.
The region of Durham was just one of those victims. At first they announced their breach involved the personal information of tens of thousands of public school students. CTV News Toronto revealed in August it also included thousands of children in day care, including their vaccination statuses.
The new video shows the bus travelling at Ellesmere and Meadowvale at about 5:10 p.m. on December 5.
A man gets on and sits in the seats to the rear of the driver. A short time after that, police cars surround the bus, and officers board to subdue the man.
“Do you have any weapons on you, bud?” one officer asks.
“No, not today,” he responds.
The man is taken off the bus and eventually would be charged with attempted murder, aggravated assault with a weapon, possession of a weapon, carrying a concealed weapon, theft, assault, and disobeying a court order.
His lawyer didn’t wish to comment to CTV News Toronto.
Toronto Police Service confirmed several details of the incident, and expressed concern that this video was public before the man’s trial.
“As this case is before the courts, any video of the arrest is considered evidence,” a TPS spokesperson said.
The CLOP data dump also includes applications for government assistance, medical reports, and complaints about medical treatment.
Some people whose names were mentioned in these documents told CTV News Toronto that Durham Region had contacted them; others said they had no idea -- including the driver of the Durham Regional Transit bus.
“The incident impacted a small portion of the overall data managed by the region… working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards,” the region said in a statement.
Backstory:
Durham Region was a victim of cybersecurity incident, which occurred through a third-party software provider. This software is no longer used by the Region.
The incident impacted a small portion of the overall data managed by the Region. We have directly notified all individuals who we identified may have been affected and invited them to reach out for additional information. We also posted public statements and FAQs at www.durham.ca/CyberSecurity. It is important to note that there is no evidence of personal information listed within notification letters being compromised or misused.
Working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards. We have reported this incident to the regulator and will work to implement any recommendations they provide.
We have provided additional information to residents at www.durham.ca/CyberSecurity. We are committed to protecting the privacy of residents. We are sorry for the inconvenience this may have caused.
Jon Woodward
Jon Woodward
CTV News Toronto Videojournalist
@CTV_Jon Contact
Published Tuesday, October 19, 2021 6:45PM EDT
Last Updated Tuesday, October 19, 2021 7:04PM EDT
Volume 90%
Durham data breach larger than previously known
NOW PLAYING A CTV News Toronto investigation has discovered that a data breach at Durham regional government is much larger than previously known.
SHARE:
Share3 Reddit
TORONTO -- A CTV News Toronto investigation has discovered that a data breach at the Durham Regional government is much larger than already known, including medical reports, complaints about medical treatment, and potential evidence in a criminal case.
That data, including security camera video that shows a man’s arrest on a Durham Regional Transit bus by Toronto Police officers, is the kind of thing that should have been encrypted to protect privacy in case of a hostile cyberattack, says Ontario’s former information and privacy commissioner, Ann Cavoukian.
“It is astonishing to me,” Cavoukian said in an interview, pointing to an order she made back in 2010 to Durham region to encrypt some portable medical data after an employee lost a USB stick.
Related Stories
Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
Durham told to encrypt health data on mobile devices
“The value of encryption is enormous. In this case, when you’re talking about someone hacking, it doesn’t matter what the cause of the interception is, if you encrypt the data, especially sensitive health data, then you’ve protected it from the beginning,”
Durham Region has said they were a victim of a cybersecurity incident, which occurred through a third-party software provider. Several gigabytes of its data was posted online by a group called CLOP. Members of that group were arrested this summer in Ukraine.
At the time, police there said the group’s worldwide ransomware attacks included several Canadian companies, costing its victims around $500 million.
The region of Durham was just one of those victims. At first they announced their breach involved the personal information of tens of thousands of public school students. CTV News Toronto revealed in August it also included thousands of children in day care, including their vaccination statuses.
The new video shows the bus travelling at Ellesmere and Meadowvale at about 5:10 p.m. on December 5.
A man gets on and sits in the seats to the rear of the driver. A short time after that, police cars surround the bus, and officers board to subdue the man.
“Do you have any weapons on you, bud?” one officer asks.
“No, not today,” he responds.
The man is taken off the bus and eventually would be charged with attempted murder, aggravated assault with a weapon, possession of a weapon, carrying a concealed weapon, theft, assault, and disobeying a court order.
His lawyer didn’t wish to comment to CTV News Toronto.
Toronto Police Service confirmed several details of the incident, and expressed concern that this video was public before the man’s trial.
“As this case is before the courts, any video of the arrest is considered evidence,” a TPS spokesperson said.
The CLOP data dump also includes applications for government assistance, medical reports, and complaints about medical treatment.
Some people whose names were mentioned in these documents told CTV News Toronto that Durham Region had contacted them; others said they had no idea -- including the driver of the Durham Regional Transit bus.
“The incident impacted a small portion of the overall data managed by the region… working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards,” the region said in a statement.
Backstory:
Durham Region was a victim of cybersecurity incident, which occurred through a third-party software provider. This software is no longer used by the Region.
The incident impacted a small portion of the overall data managed by the Region. We have directly notified all individuals who we identified may have been affected and invited them to reach out for additional information. We also posted public statements and FAQs at www.durham.ca/CyberSecurity. It is important to note that there is no evidence of personal information listed within notification letters being compromised or misused.
Working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards. We have reported this incident to the regulator and will work to implement any recommendations they provide.
We have provided additional information to residents at www.durham.ca/CyberSecurity. We are committed to protecting the privacy of residents. We are sorry for the inconvenience this may have caused.