Hackers leak police takedown video, medical records in Durham Region breach: CTV News Toronto investigation
A CTV News Toronto investigation has discovered that a data breach at the Durham Regional government is much larger than already known, including medical reports, complaints about medical treatment, and potential evidence in a criminal case.
That data, including security camera video that shows a man’s arrest on a Durham Regional Transit bus by Toronto Police officers, is the kind of thing that should have been encrypted to protect privacy in case of a hostile cyberattack, says Ontario’s former information and privacy commissioner, Ann Cavoukian.
“It is astonishing to me,” Cavoukian said in an interview, pointing to an order she made back in 2010 to Durham region to encrypt some portable medical data after an employee lost a USB stick.
“The value of encryption is enormous. In this case, when you’re talking about someone hacking, it doesn’t matter what the cause of the interception is, if you encrypt the data, especially sensitive health data, then you’ve protected it from the beginning,”
Durham Region has said they were a victim of a cybersecurity incident, which occurred through a third-party software provider. Several gigabytes of its data was posted online by a group called CLOP. Members of that group were arrested this summer in Ukraine.
At the time, police there said the group’s worldwide ransomware attacks included several Canadian companies, costing its victims around $500 million.
The region of Durham was just one of those victims. At first they announced their breach involved the personal information of tens of thousands of public school students. CTV News Toronto revealed in August it also included thousands of children in day care, including their vaccination statuses.
The new video shows the bus travelling at Ellesmere and Meadowvale at about 5:10 p.m. on December 5.
A man gets on and sits in the seats to the rear of the driver. A short time after that, police cars surround the bus, and officers board to subdue the man.
“Do you have any weapons on you, bud?” one officer asks.
“No, not today,” he responds.
The man is taken off the bus and eventually would be charged with attempted murder, aggravated assault with a weapon, possession of a weapon, carrying a concealed weapon, theft, assault, and disobeying a court order.
His lawyer didn’t wish to comment to CTV News Toronto.
Toronto Police Service confirmed several details of the incident, and expressed concern that this video was public before the man’s trial.
“As this case is before the courts, any video of the arrest is considered evidence,” a TPS spokesperson said.
The CLOP data dump also includes applications for government assistance, medical reports, and complaints about medical treatment.
Some people whose names were mentioned in these documents told CTV News Toronto that Durham Region had contacted them; others said they had no idea -- including the driver of the Durham Regional Transit bus.
“The incident impacted a small portion of the overall data managed by the region… working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards,” the region said in a statement.
Background
Durham Region was a victim of cybersecurity incident, which occurred through a third-party software provider. This software is no longer used by the Region.
The incident impacted a small portion of the overall data managed by the Region. We have directly notified all individuals who we identified may have been affected and invited them to reach out for additional information. We also posted public statements and FAQs at www.durham.ca/CyberSecurity. It is important to note that there is no evidence of personal information listed within notification letters being compromised or misused.
Working with third-party experts, we have completed our investigation into this incident and taken actions to strengthen our cybersecurity safeguards. We have reported this incident to the regulator and will work to implement any recommendations they provide.
We have provided additional information to residents at www.durham.ca/CyberSecurity. We are committed to protecting the privacy of residents. We are sorry for the inconvenience this may have caused.
CTVNews.ca Top Stories
MPP Sarah Jama asked to leave Ontario legislature for wearing keffiyeh
MPP Sarah Jama was asked to leave the Legislative Assembly of Ontario by House Speaker Ted Arnott on Thursday for wearing a keffiyeh, a garment which has been banned at Queen’s Park.
Mountain guide dies after falling into a crevasse in Banff National Park
A man who fell into a crevasse while leading a backcountry ski group deep in the Canadian Rockies has died.
2 teens charged in Halifax homicide: police
Two teenagers have been charged with second-degree murder in connection to an alleged homicide near the Halifax Shopping Centre earlier this week.
'Deep ignorance': Calls for Manitoba trustee to resign sparked after comments about Indigenous people and reconciliation
A rural Manitoba school trustee is facing calls to resign over comments he made about Indigenous people and residential schools earlier this week.
ByteDance prefers TikTok shutdown in U.S. if legal options fail, Reuters sources say
TikTok owner ByteDance would prefer to shut down its loss-making app rather than sell it if the Chinese company exhausts all legal options to fight legislation to ban the platform from app stores in the U.S., four sources said.
12-year-old hippo in Japan raised as a male discovered to be a female
When Gen-chan arrived at a zoo in Japan in 2017, no one questioned whether the then-five-year-old hippopotamus was a boy. Seven years later, zoo staff made a surprising discovery: Gen-chan, now 12, was female.
Here's why Harvey Weinstein's New York rape conviction was tossed and what happens next
Here's what you need to know about why movie mogul Harvey Weinstein's rape conviction was thrown out and what happens next.
Improve balance and build core strength with this exercise
When it comes to cardiovascular fitness, you may tend to focus on activities that move you forward, such as walking, running and cycling.
Legendary hockey broadcaster Bob Cole dies at 90: CBC
Bob Cole, a welcome voice for Canadian hockey fans for a half-century, has died at the age of 90. Cole died Wednesday night in St. John's, N.L., surrounded by his family, his daughter, Megan Cole, told the CBC.