Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
Widow looking for answers after Quebec man dies in Texas Ironman competition
The widow of a Quebec man who died competing in an Ironman competition is looking for answers.
Tom Mulcair: Park littered with trash after 'pilot project' is perfect symbol of Trudeau governance
Former NDP leader Tom Mulcair says that what's happening now in a trash-littered federal park in Quebec is a perfect metaphor for how the Trudeau government runs things.
World seeing near breakdown of international law amid wars in Gaza and Ukraine, Amnesty says
The world is seeing a near breakdown of international law amid flagrant rule-breaking in Gaza and Ukraine, multiplying armed conflicts, the rise of authoritarianism and huge rights violations in Sudan, Ethiopia and Myanmar, Amnesty International warned Wednesday as it published its annual report.
Photographer alleges he was forced to watch Megan Thee Stallion have sex and was unfairly fired
A photographer who worked for Megan Thee Stallion said in a lawsuit filed Tuesday that he was forced to watch her have sex, was unfairly fired soon after and was abused as her employee.
Amid concerns over 'collateral damage' Trudeau, Freeland defend capital gains tax change
Facing pushback from physicians and businesspeople over the coming increase to the capital gains inclusion rate, Prime Minister Justin Trudeau and his deputy Chrystia Freeland are standing by their plan to target Canada's highest earners.
U.S. Senate passes bill forcing TikTok's parent company to sell or face ban, sends to Biden for signature
The Senate passed legislation Tuesday that would force TikTok's China-based parent company to sell the social media platform under the threat of a ban, a contentious move by U.S. lawmakers that's expected to face legal challenges.
Wildfire southwest of Peace River spurs evacuation order
People living near a wildfire burning about 15 kilometres southwest of Peace River are being told to evacuate their homes.
U.S. Senate overwhelmingly passes aid for Ukraine, Israel and Taiwan with big bipartisan vote
The U.S. Senate has passed US$95 billion in war aid to Ukraine, Israel and Taiwan, sending the legislation to President Joe Biden after months of delays and contentious debate over how involved the United States should be in foreign wars.
'My stomach dropped': Winnipeg man speaks out after being criminally harassed following single online date
A Winnipeg man said a single date gone wrong led to years of criminal harassment, false arrests, stress and depression.