Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
About 4,000 beagles destined for drug experiments finding new homes
About 4,000 beagles are looking for homes after animal rescue organizations started removing them from a Virginia facility that bred them to be sold to laboratories for drug experiments.

Anne Heche taken off life support, 9 days after car crash
Anne Heche, the Emmy-winning film and television actor whose dramatic Hollywood rise in the 1990s and accomplished career contrasted with personal chapters of turmoil, died of injuries from a fiery car crash. She was 53.
Brothers dead after SUV crashes into North Carolina restaurant, police say
A sport utility vehicle crashed into a North Carolina fast-food restaurant on Sunday, killing two sibling customers, police said.
Weapon in deadly 'Rust' film set shooting could not be fired without pulling the trigger, FBI forensic testing finds
FBI testing of the gun used in the fatal shooting on the movie set of 'Rust' found that the weapon handled by actor Alec Baldwin could not be fired without pulling the trigger while the gun was cocked, according to a newly released forensics report.
U.S. man allegedly drives into fundraiser crowd before killing mother
Pennsylvania state police say a man who was upset about an argument with his mother drove through a crowd at a fundraiser for victims of a recent deadly house fire, killing one person at the event and injuring 17 others, then returned home and beat his mother to death.
Warming climate could see a future California flood become the world's costliest disaster, study suggests
A new study is offering a dire prediction for the U.S. state of California, where scientists say catastrophic flooding could become twice as likely in the future due to the effects of climate change.
Testosterone promotes both aggression and 'cuddling' in gerbils, study finds
A recent study on rodents has found testosterone, despite being commonly associated with aggression, can also foster friendly behaviours in males.
Republicans demand to see affidavit that justified FBI search of Trump's home
Republicans stepped up calls on Sunday for the release of an FBI affidavit showing the underlying justification for its seizure of documents at former President Donald Trump's Mar-a-Lago home.
Norway puts down Freya the walrus that drew Oslo crowds
Authorities in Norway said Sunday they have euthanized a walrus that had drawn crowds of spectators in the Oslo Fjord after concluding that it posed a risk to humans.