Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation
The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.
That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.
“That it’s out there for anybody to see is a little jarring,” Chris Perera said after learned his two-year-old child’s vaccine record was among the files that had been taken.
He said he had been warned in general by Durham Region that his data may have been affected, but he wished they had been more specific so that he would be able to better respond.
“When you get a letter from the region saying your information has been leaked, your head is going so many different ways, I wish they could have said specifically what’s out there,” he said.
Records seem to indicate that the personal information of some 3200 children and their families were taken as part of a file transfer that appears to be related to the uploading of the children’s vaccination status to the region’s health department.
Some day cares have been told that they are to cease sending that detailed vaccination information for now.
Nadine Koch, a supervisor at Kindertots Child Care Centre in Ajax, said her daycare has taken on keeping track of vaccination records by themselves.
“We’re just handling it on our own because we haven’t been told when to submit it. It’s been put on the back burner,” she said.
Koch said the region had informed them that they were among the daycares affected in April, the month after the breach was first discovered.
The breach appears to be related to the Accellion file transfer system, Brett Callow a threat analyst with Emsisoft told CTV News Toronto.
“That data somehow ended up in the hands of a group called CLOP,” he said.
The Ukrainian police said in a statement on their website they believe CLOP is behind attacks from South Korea to the United States, pointing to attacks in 2021 on the personal data and financial reports of Stanford University Medical School, the University of Maryland, and the University of California.
News of the arrests was sure to disrupt the group to some extent, but the group’s presence continues online, he said.
The Accellion software has been fixed, he said.
Durham Region has said it took “prompt steps” to contain the incident, which it said was caused by a vulnerability in a third party software.
“We have stopped using the third party software involved,” the region has said.
Perera said he is not as bothered about the information being online as he might be in another circumstance, as the vaccination data of his two-year-old isn’t going to help online predatorsin further attacks, including attempts at identity theft.
But he said it’s important that the region’s computers are secure.
"Cybersecurity needs to be a priority, especially when it’s an infrastructure that communicates such specific information."
CTVNews.ca Top Stories
'They needed people inside Air Canada:' Police announce arrests in Pearson gold heist
Police say one former and one current employee of Air Canada are among the nine suspects that are facing charges in connection with the gold heist at Pearson International Airport last year.
House admonishes ArriveCan contractor in rare parliamentary show of power
MPs enacted an extraordinary, rarely used parliamentary power on Wednesday, summonsing an ArriveCan contractor to appear before the House of Commons where he was admonished publicly and forced to provide answers to the questions MPs said he'd previously evaded.
Leafs star Auston Matthews finishes season with 69 goals
Auston Matthews won't be joining the NHL's 70-goal club this season.
Trump lawyers say Stormy Daniels refused subpoena outside a Brooklyn bar, papers left 'at her feet'
Donald Trump's legal team says it tried serving Stormy Daniels a subpoena as she arrived for an event at a bar in Brooklyn last month, but the porn actor, who is expected to be a witness at the former president's criminal trial, refused to take it and walked away.
Why drivers in Eastern Canada could see big gas price spikes, and other Canadians won't
Drivers in Eastern Canada face a big increase in gas prices because of various factors, especially the higher cost of the summer blend, industry analysts say.
Doug Ford calls on Ontario Speaker to reverse Queen's Park keffiyeh ban
Ontario Premier Doug Ford is calling on Speaker Ted Arnott to reverse a ban on keffiyehs at Queen's Park, describing the move as “needlessly” divisive.
'A living nightmare': Winnipeg woman sentenced following campaign of harassment against man after online date
A Winnipeg woman was sentenced to house arrest after a single date with a man she met online culminated in her harassing him for years, and spurred false allegations which resulted in the innocent man being arrested three times.
Woman who pressured boyfriend to kill his ex in 2000s granted absences from prison
A woman who pressured her boyfriend into killing his teenage ex more than a decade ago will be allowed to leave prison for weeks at a time.
Customers disappointed after email listing $60K Tim Hortons prize sent in error
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.