Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
BREAKING Quebec judge orders bus driver to stand trial for 2023 daycare crash deaths
A judge has ordered a Quebec man to stand trial on charges of first-degree murder in the deaths of two children killed when a bus rammed into a Montreal-area daycare last year.
Sunshine list: These were the Ontario public sector's highest earners in 2023
Ontario released its annual sunshine list Thursday afternoon, noting that the largest year-over-year increases were in hospitals, municipalities, and post-secondary sectors.
Multiple bridges in Calgary shut down for police incident
Calgary police have shut down a number of bridges into and out of the downtown core as officers deal with a distraught individual.
Trudeau's latest pre-budget pledge targets millennial moms, vowing $1B in loans for more child-care spaces
The federal government is launching a new loan program to help child-care providers in Canada expand their spaces, and will be extending further student loan forgiveness and training options for early childhood educators, Prime Minister Justin Trudeau announced Thursday.
Why some Christians are angry about Trump's 'God Bless the USA' Bible
Former U.S. President Donald Trump is officially selling a copy of the Bible themed to Lee Greenwood’s famous song, 'God Bless the USA.' But the concept of a Bible covered in the American flag has raised concern among religious circles.
Krispy Kreme doughnuts coming to McDonald's in U.S., but not Canada
Canadians will be missing out on a sweet new partnership between McDonald's and Krispy Kreme, which will see doughnuts available at McDonald's locations across the U.S. by the end of 2026.
Calgary officer charged after allegedly assaulting handcuffed man
A Calgary police officer has been charged after allegedly assaulting a handcuffed man two years ago.
Where is the worst place for allergy sufferers in Canada?
The spring allergy season has started early in many parts of Canada, with high levels of pollen in some cities already. Experts weigh in on which areas have it worse so far this season.
How do you navigate the social media minefield with your kids?
Growing fears about social media's harm have sparked lawsuits against social media companies from hundreds of school districts in the United States and now Canada. CTVNews.ca wants to know whether your children are addicted to social media or if you have concerns about their usage of platforms such as Facebook, Snapchat, TikTok and X.