City of Toronto exposed Tridel's banking information, city officials say
![City hall Toronto city hall is seen on Friday, September 1, 2017. THE CANADIAN PRESS/Chris Young](/content/dam/ctvnews/en/images/2021/3/10/city-hall-1-5341029-1635633489504.jpg)
The City of Toronto exposed developer Tridel’s banking information to the public, city officials confirmed.
Tridel discovered its financial information was posted on a city web page, and alerted city officials of the incident in April, City of Toronto Media Relations Manager Russell Baker told CTV News.
“The City immediately removed the information and an internal investigation is underway,” Baker said.
Michael Mestyan, Tridel’s Vice President of Development Planning, said the company’s account information for transferring funds to the city was posted on the city's Application Information Centre website, which provides information on all active Community Planning, Committee of Adjustment and Toronto Local Appeal Body applications.
The duration this data was exposed is unknown, Mestyan said. “We cancelled the account immediately and are currently not aware of any issues that stemmed from the incident.”
Data breaches have recently plagued institutions in Toronto. Just a day earlier, the Toronto District School Board launched an investigation into a suspected cyberattack. This came on the heels of the public library’s paralyzing, months-long cyberattack, followed by hackers targeting the Toronto Zoo.
However, this breach is different, CTV Technology Analyst Carmi Levy said.
“What separates this case is that this wasn't a criminal act. This was a negligent act. And it was an accidental exposure by the City of Toronto,” Levy said, pointing out the fact that data was posted on the city’s website, rather than on the dark web where criminal hackers sell stolen data.
“This is about as nightmarish a scenario as you can imagine because something like this should never happen,” he said.
The first failure was that private data was posted to the public, highlighting a “very significant weakness” in the city’s management of information posted online.
“Failure number two was the information was out there and the city was blindly unaware of it until the victim of this error notified them that it was out there,” Levy said.
Given that an investigation is underway, Levy acknowledged his interpretation could differ from the findings, but that his initial observation was that this was not an attack – it was a mistake.
While information on how a data breach of this nature could happen remains sparse, cybersecurity expert Terry Cutler said it sounds like an inside job.
“When cyber criminals get access to a financial database with banking information, they would usually leak the whole thing,” Cutler said. Typically, hackers expose data on the dark web or extort the company that’s been breached.
“They just want money,” he said. “Once that data is out there, scammers can start doing financial fraud against Tridel.”
Speaking to the frequency of public institutions falling victim to cyberattacks, Cutler said it points to the fact that criminals now know these organizations don’t have the money or resources to deal with cyber security.
“It makes them a prime target,” he said.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6940448.1719339188!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
'Why did I have this surgery?' Ont. mother seeks answers after son's tonsil surgery
An Ontario mother said it looked like a horror movie when she flicked on the lights of her son’s bedroom to find him projectile vomiting blood after his tonsils were removed at McMaster Children’s Hospital.
No charges for driver in 2023 Manitoba bus crash that killed 17 seniors: RCMP
Manitoba RCMP and Crown prosecutors will not lay charges against the driver of a bus involved in a crash with a semi-truck in 2023.
Biden pardons potentially thousands of ex-service members convicted under now-repealed gay sex ban
U.S. President Joe Biden pardoned potentially thousands of former U.S. service members convicted of violating a now-repealed military ban on consensual gay sex, saying Wednesday that he is “righting an historic wrong" to clear the way for them to regain lost benefits.
Gassy cows and pigs will face a carbon tax in Denmark, a world first
Denmark will tax livestock farmers for the greenhouse gases emitted by their cows, sheep and pigs from 2030, the first country to do so as it targets a major source of methane emissions, one of the most potent gases contributing to global warming.
'Deeply unserious': Vancouver councillor claims mayor turned city hall boardroom into gym
A Vancouver city councillor is calling out Mayor Ken Sim for apparently limiting access to a city hall boardroom and turning it into a makeshift gym.
Fed up with the U.K. Conservatives, some voters turn to the anti-immigration Reform party for answers
Britain is going to the polls to elect a new House of Commons at a time when public dissatisfaction is running high over a host of issues, from the high cost of living and a stagnating economy to a dysfunctional state health care system and crumbling infrastructure.
One of Canada's most popular vehicles recalled over transmission issue; 95,000 impacted
One of the country's most popular vehicles is being recalled in Canada due to a transmission issue that may impact tens of thousands of drivers.
Puppy mills now illegal in Ontario, but advocates say little will change for dogs
Puppy mills are now illegal in Ontario after the province recently passed legislation banning them, but critics say the new law will do little to curb the problem.
Calgary feeder main repairs complete, water service could be restored sooner than expected
Repair work on Calgary’s broken water main is progressing faster than anticipated, but there are still a few more steps crews need to complete before water restrictions are lifted in the city.