Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
Five years after toddler's brutal death, Northern Ont. family struggles to find peace, justice
A North Bay family is struggling to find peace and justice as the five-year anniversary of the brutal death of toddler Oliver McCarthy approaches.
Alberta RCMP officer charged with 2 counts of sexual assault
Const. Bridget Morla, a Leduc RCMP officer, has been charged with two counts of sexual assault in connection with an incident that happened two years ago.
Ontario dad removes hockey rink at heart of neighbour dispute
A Markham dad who drew the ire of neighbours and the city after installing a hockey rink in his backyard says the rink has now been taken down.
Kingston, Ont. doctor in 'disbelief' after being ordered to repay $600K for pandemic vaccination payments
An Ontario health tribunal has ordered a Kingston, Ont. doctor to repay over $600,000 to the Ontario government for improperly billing thousands of COVID-19 vaccinations at the height of the pandemic.
Three climbers from the U.S. and Canada are missing on New Zealand's highest peak
Three mountain climbers from the U.S. and Canada are missing after they failed to return from a planned ascent of New Zealand's highest peak, Aoraki, authorities said Tuesday.
Motivated by obsession: Canadians accused in botched California murder plot in police custody
Two Canadians are in police custody in Monterey County, California, after a triple stabbing police say was motivated by a B.C. man's obsession with a woman he played video games with online.
Trump demands immediate release of Oct. 7 hostages, says otherwise there will be 'HELL TO PAY'
President-elect Donald Trump is demanding the immediate release of the Israeli hostages still being held in Gaza, saying that if they are not freed before he is sworn into office there will be “HELL TO PAY."
Belly fat linked to signs of Alzheimer’s 20 years before symptoms begin, study says
As the size of a person’s belly grows, the memory centre of their brain shrinks and beta amyloid and tau may appear — all of this occurring as early as a person’s 40s and 50s, well before any cognitive decline is apparent, according to new research.
More RCMP and CBSA ‘human resources’ destined for border, Public Safety Minister LeBlanc says
Public Safety Minister Dominic LeBlanc says the federal government will 'absolutely' be adding more Canadian Border Services Agency (CBSA) and RCMP ‘human resources’ at the border.