Toronto feared 35,000 citizens' data would be made public after cyberattack: documents
The City of Toronto expected metadata concerning some 35,000 citizens to be posted on an online forum run by Eastern European cybercriminals after a data breach earlier this year — but ended up escaping the worst, new documents obtained by CTV News Toronto show.
Some six months after an internal city agency sounded the alarm in confidential documents, the information has yet to be shared publicly and the city says it never received a ransom request, leading some cybersecurity experts to wonder if the city escaped what has been described as a massive spree of cyberattacks.
“It looks like they failed. The silence is somewhat deafening,” said cybersecurity expert Claudiu Popa. “Maybe the attacker failed to get what they wanted and didn’t have the leverage to extort this particular victim.”
The attack on Toronto was one among thousands of remote, sometimes automated attacks seeking to get data, and then threaten to expose it or destroy it unless handsome sums are paid, often in digital currency.
Ontario’s Information and Privacy Commissioner says cybercriminals are increasingly targeting public agencies, warning breaches are up 151 per cent in 2021 — with 39 public institutions attacked this year in Ontario.
“Hackers are taking advantage of the current public health crisis, and cybersecurity incidents are on the rise,” a spokesperson for the agency said.
The City of Toronto threat assessment, obtained through a Freedom of Information request, describes the attack in January of 2021 as happening through a "zero day" weakness in the city’s Accellion file transfer system.
Hackers known as “CLOP” discovered the weakness in the file transfer system at that time and used it to exploit a large number of organizations, including the Region of Durham.
CTV News Toronto has already shown that those attackers gained and then posted health and schooling data of tens of thousands of individuals, as well as a video of the arrest of a young man by Toronto police on a Durham Region transit bus.
The document appears to link the Toronto attack for the first time publicly to CLOP, which is believed to be a network operating out of Eastern Europe. Ukrainian police arrested six people in that gang in June, though its activity appeared to continue afterwards.
And just after the Durham information had been posted online, Toronto officials seemed to be ready for the same to happen.
“It can be assessed with high confidence that the compromised data contained within the leaked City of Toronto’s Accellion database may soon be revealed on the attacker managed public forum,” the report says.
Officials confirmed metadata — data about data — had been taken and estimated it could impact as many as 35,000 citizens. That included metadata about 30,000 property taxpayers, 400 people in long-term care including their vaccination information, up to 110 patients in Toronto’s Paramedics Service, and about 3,000 individuals in Toronto Public Health, including COVID-19 test results.
But the ransom request never came, said Brad Ross, the chief communications officer of the City of Toronto.
“The Mayor’s office is listed as one of the divisions or offices where data could have been accessed/exfiltrated during the breach period, but we are not aware of any data having been posted. To be clear, we are not aware of anything that has affected the City’s operations or the operations in any division or office,” Ross wrote in an e-mail.
He said the Accellion system is no longer in use at the city.
Popa suggested that perhaps CLOP never made off with the records themselves — meaning there was a lot less to blackmail someone with — or that, because the group had so many other targets willing to pay, it moved on.
“With each million that’s getting paid, this is turning into a real business. We’re looking at billions of dollars in 2022. The art of cyber extortion is becoming a science,” he said.
Brett Callow, an analyst at Emsisoft, said the City of Toronto had been transparent — which is more than can be said about many private targets, some of whom do not report the attacks, making it difficult to get more than a lower bound for the number of targets.
“More than 4,000 companies have now had their data stolen and released online with ransomware gangs. This is far from uncommon. It happens often and the data is very sensitive,” he said.