Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
'Immoral depravity': Two men convicted in case of frozen migrant family in Manitoba
A jury has found two men guilty on human smuggling charges in a case where a family from India froze to death in Manitoba while trying to walk across the Canada-U.S. border.
Canada's tax relief plan: Who gets a cheque?
The Canadian government has unveiled its plans for a sweeping GST/HST pause on select items during the holiday period. The day after the announcement, questions remain on how the whole thing will work.
Quebec man, 81, gets prison sentence after admitting to killing wife with Alzheimer's disease
An 81-year-old Quebec man has been sentenced to prison after admitting to killing his wife with Alzheimer's disease.
Canada Post losses top $300M as strike enters second week -- and rivals step in
Canada Post saw hundreds of millions of dollars drain out of its coffers last quarter, due largely to its dwindling share of the parcels market, while an ongoing strike continues to batter its bottom line.
Nearly 46,000 electric vehicles recalled in Canada over potential power loss
Nearly 46,000 electric vehicles from Kia, Hyundai and Genesis are being recalled in Canada over a potential power loss issue that can increase the risk of a crash.
Pat King found guilty of mischief for role in 'Freedom Convoy'
Pat King, one of the most prominent figures of the 2022 'Freedom Convoy' in Ottawa, has been found guilty on five counts including mischief and disobeying a court order.
Canada issues travel warning after 6 people die from tainted alcohol in Laos
The Canadian government is warning travellers following the deaths of at least six people in the mass poisoning of foreign tourists in Laos after drinking tainted alcohol.
Ground beef tied to U.S. E. coli recall, illnesses wasn't sold in Canada: distributor
At least 15 people have been sickened by E. coli poisoning tied to a recall of potentially tainted ground beef, U.S. federal health officials said. The company tells CTVNews.ca it was not sold in Canada.
Canada's new income tax brackets in 2025: What you need to know
The Canada Revenue Agency has released updated federal income tax brackets for 2025, reflecting adjustments for inflation. Here’s the breakdown.