Toronto feared 35,000 citizens' data would be made public after cyberattack: documents
The City of Toronto expected metadata concerning some 35,000 citizens to be posted on an online forum run by Eastern European cybercriminals after a data breach earlier this year — but ended up escaping the worst, new documents obtained by CTV News Toronto show.
Some six months after an internal city agency sounded the alarm in confidential documents, the information has yet to be shared publicly and the city says it never received a ransom request, leading some cybersecurity experts to wonder if the city escaped what has been described as a massive spree of cyberattacks.
“It looks like they failed. The silence is somewhat deafening,” said cybersecurity expert Claudiu Popa. “Maybe the attacker failed to get what they wanted and didn’t have the leverage to extort this particular victim.”
The attack on Toronto was one among thousands of remote, sometimes automated attacks seeking to get data, and then threaten to expose it or destroy it unless handsome sums are paid, often in digital currency.
Ontario’s Information and Privacy Commissioner says cybercriminals are increasingly targeting public agencies, warning breaches are up 151 per cent in 2021 — with 39 public institutions attacked this year in Ontario.
“Hackers are taking advantage of the current public health crisis, and cybersecurity incidents are on the rise,” a spokesperson for the agency said.
The City of Toronto threat assessment, obtained through a Freedom of Information request, describes the attack in January of 2021 as happening through a "zero day" weakness in the city’s Accellion file transfer system.
Hackers known as “CLOP” discovered the weakness in the file transfer system at that time and used it to exploit a large number of organizations, including the Region of Durham.
CTV News Toronto has already shown that those attackers gained and then posted health and schooling data of tens of thousands of individuals, as well as a video of the arrest of a young man by Toronto police on a Durham Region transit bus.
The document appears to link the Toronto attack for the first time publicly to CLOP, which is believed to be a network operating out of Eastern Europe. Ukranian police arrested six people in that gang in June, though its activity appeared to continue afterwards.
And just after the Durham information had been posted online, Toronto officials seemed to be ready for the same to happen.
“It can be assessed with high confidence that the compromised data contained within the leaked City of Toronto’s Accellion database may soon be revealed on the attacker managed public forum,” the report says.
Officials confirmed metadata — data about data — had been taken and estimated it could impact as many as 35,000 citizens. That included metadata about 30,000 property taxpayers, 400 people in long term care including their vaccination information, up to 110 patients in Toronto’s Paramedics Service, and about 3000 individuals in Toronto Public Health, including COVID-19 test results.
But the ransom request never came, said Brad Ross, the chief communications officer of the City of Toronto.
“The Mayor’s office is listed as one of the divisions or offices where data could have been accessed/exfiltrated during the breach period, but we are not aware of any data having been posted. To be clear, we are not aware of anything that has affected the City’s operations or the operations in any division or office,” Ross wrote in an e-mail.
He said the Accellion system is no longer in use at the city.
Popa suggested that perhaps Clop never made off with the records themselves — meaning there was a lot less to blackmail someone with — or because the group had so many other targets willing to pay, it moved on.
“With each million that’s getting paid, this is turning into a real business. We’re looking at billions of dollars in 2022. The art of cyber extortion is becoming a science,” he said.
Brett Callow, an analyst at Emsisoft, said the City of Toronto had been transparent — which is more than can be said about many private targets, some who do not report the attacks, making it difficult to get more than a lower bound for the number of targets.
“More than 4,000 companies have now had their data stolen and released online with ransomware gangs. This is far from uncommon. It happens often and the data is very sensitive,” he said.
CTVNews.ca Top Stories
Budget 2024 'likely to be the worst' in decades, former BoC governor says
Without having seen it, former Bank of Canada governor David Dodge believes that Tuesday's 2024 federal budget from Deputy Prime Minister and Finance Minister Chrystia Freeland is 'likely to be the worst budget' in decades.
What's at stake for Canada after Iran's unprecedented attack on Israel
Following the Iranian missile and drone strikes against Israel over the weekend, Canada should take the threat of Iran and potential escalation of the conflict seriously, one global affairs analyst says.
Former B.C. school trustee's 'strip-tease artist' remark was defamatory, judge rules
A controversial former school trustee from B.C.'s Fraser Valley who described a political rival as a "strip-tease artist" during an election campaign has been ordered to pay her $45,000 for defamation.
'A sense of urgency': Sask. man accused of abducting daughter calls himself to the stand during trial
Michael Gordon Jackson, the man on trial after being charged with contravention of a custody order for allegedly abducting his daughter in late 2021 to prevent her from getting a COVID-19 vaccine, called himself to the stand Monday.
Kingston, Ont.'s Aaliyah Edwards drafted into WNBA
After four years at the University of Connecticut, Edwards was selected sixth overall by the Washington Mystics in the WNBA draft Monday night.
NASA confirms mystery object that crashed through roof of Florida home came from space station
NASA confirmed Monday that a mystery object that crashed through the roof of a Florida home last month was a chunk of space junk from equipment discarded at the International Space Station.
A knife attack in Australia against a bishop and a priest is being treated as terrorism, police say
Horrified worshippers watched online and in person as a bishop was stabbed at the altar during a church service in Sydney on Sunday evening.
Body of 14-year-old boy pulled from Lake Ontario, police say he drowned while swimming
The body of a 14-year-old boy has been pulled from Lake Ontario after police say he drowned while swimming near Ashbridges Bay Park on Sunday night.
'Rust' armourer gets 18 months in prison for fatal shooting by Alec Baldwin on set
A movie weapons supervisor was sentenced to 18 months in prison in the fatal shooting of a cinematographer by Alec Baldwin on the set of 'Rust.'
Shopping Trends
The Shopping Trends team is independent of the journalists at CTV News. We may earn a commission when you use our links to shop. Read about us.
Montreal
-
'They were coming to save us': Inquest opens into deaths of two Quebec firefighters
Linda Simard says her husband frantically told her to call 911 as he watched two volunteer firefighters get swept away in rushing floodwaters in Quebec's Charlevoix region last year.
-
Raymond scores in OT as Red Wings clip Canadiens 5-4 to keep playoff hopes alive
Lucas Raymond scored 4:35 into overtime after he scored a game-tying goal with 1:17 left in regulation, lifting the Detroit Red Wings to a 5-4 comeback win over the Montreal Canadiens on Monday night that keeps their playoff hopes alive.
-
Worker seriously injured after fall at Olympic Stadium
A man is fighting for his life after falling about 30 feet in an air duct at the Olympic Stadium on Monday, authorities say.
Ottawa
-
OPP investigating after human remains found in Ottawa River in Clarence-Rockland
Ontario Provincial Police are investigating after human remains were found in the Ottawa River in Clarence-Rockland on Monday.
-
Kingston, Ont.'s Aaliyah Edwards drafted into WNBA
After four years at the University of Connecticut, Edwards was selected sixth overall by the Washington Mystics in the WNBA draft Monday night.
-
'All persons involved' in incident that led to death of teen in Centretown park identified by police
Ottawa police say no suspects are being sought in the death of a teenager in an Ottawa park last Friday, but are offering few details on the circumstances of the incident.
Northern Ontario
-
Northern Ont. man acquitted of murder on James Bay coast
A northern Ontario family is devastated after a jury found a Moose Factory man not guilty of a 2021 murder.
-
Evidence from broken cellphone highlighted during triple murder trial in Sudbury
A digital forensics analyst testified Monday in Sudbury at the trial of Liam Stinson, who is charged with three counts of first-degree murder in connection to an April 2021 firebombing.
-
Thunder Bay police chief vows to rebuild eroding trust after ex-chief arrested
The Thunder Bay police chief is acknowledging some residents' eroding trust in the service as his predecessor and other high-ranking members of the force face criminal charges.
Kitchener
-
Driveway paving scammers reported in Waterloo Region
Cambridge resident Samantha Falkiner explains why something felt "off" about the men who approached her and her neighbours on Friday.
-
Police search home after man injured with explosive
Police are searching a residence just east of downtown Guelph after a man went to hospital with injuries from a homemade explosive device.
-
Police investigate double fatal collision near Drayton
Wellington County OPP is currently investigating a double fatal collision near Drayton.
London
-
Council to discuss pilot project for high school bus pass program
A motion going to city council Tuesday could be the first step in approving a pilot project that would approve bus passes for students in grade nine at Clarke Road Secondary school.
-
Coyotes becoming less fearful of humans in wake of attack, wildlife expert says
Multiple warnings have been issued about the dangers of coyotes and potential wild dogs following a weekend attack that left one person seriously injured.
-
'Addressing our housing concerns': Developer plans to turn unused parking lot at White Oaks Mall into apartment towers
When Westdell Development acquired White Oaks Mall last year, President Iyman Meddoui said they always had the vision of adding additional commercial and residential components.
Windsor
-
Porch pirate suspect sought in Walkerville area
Windsor police are looking for a woman after a parcel was taken from a home in the 400 block of Chilver Road.
-
First Canadian tornado of 2024 confirmed in Essex County
The first Canadian tornado of 2024 hit Essex County in March, says a report from the Northern Tornadoes Project.
-
Windsor ranks high on dopest cities list
A new ranking by food delivery platform Uber Eats puts Windsor among the top cities in the province for ordering cannabis.
Barrie
-
Family of man killed in Wasaga Beach crash seeks justice as case sees more delays
It's been more than two years since Jim Lynne died in a crash along Mosley Street in Wasaga Beach.
-
Street sign honouring Chase McEachern's legacy has gone missing again
A street sign in Barrie, renamed to honour 11-year-old Chase McEachern's legacy after he died in 2006, has gone missing again from an alleyway at the heart of the city's waterfront.
-
Kashechewan First Nation preparing for mass evacuation amid flood threat
The residents of Kashechewan First Nation are in a race against time, preparing for a mass evacuation as the relentless threat of flooding from the Albany River looms closer.
Winnipeg
-
Rural Manitoba council may be dissolved after mass exodus of elected officials: province
A mass exodus of elected officials from a rural Manitoba municipality has put the community in limbo and may force the province to dissolve what's left of the crumbling council.
-
Overland flood warning issued for parts of Manitoba
An approaching low-pressure system that could bring 50 millimetres of mixed precipitation has triggered a flood warning for parts of Manitoba.
-
Lights, camera, action! Extras Casting Underway for Ke Huy Quan movie in Winnipeg
If you’ve ever felt the allure of Hollywood and wanted to be in a big-budget movie your time to shine is now.
Atlantic
-
Youth hospitalized after stabbing: Halifax police
Police are looking for a youth who allegedly stabbed another youth in Halifax on Monday morning.
-
Friday and weekend rain totals
A low pressure system brought a series of weather fronts across the Maritimes on Friday and into the start of the weekend.
-
21 people arrested at pro-Palestinian demonstration in Halifax: police
Halifax Regional Police has arrested and charged 21 people at a pro-Palestinian demonstration in downtown Halifax Monday morning.
N.L.
-
Protest averted as Newfoundland and Labrador premier helps reach pricing deal on crab
A pricing agreement has been reached between crab fishers and seafood processors that will allow for Newfoundland and Labrador's annual crab fishery to get started.
-
A fish harvester's protest threatens Newfoundland and Labrador's crab season -- again
Longliners across Newfoundland and Labrador are tied up once again, as a new protest by the province's fish harvesters threatens to derail the crab fishery for a second straight year.
-
Unique photo exhibit put cameras in the hands of survivors of domestic and sexual violence
A unique photo exhibit is putting cameras into the hands of survivors of domestic and sexual violence in Newfoundland and Labrador.
Edmonton
-
Tickets issued after large, unleashed dog spotted in front of home where boy was killed by dogs
Two tickets were issued after an unleashed dog was seen in front of a home where a boy died in a dog attack earlier this month.
-
Alberta committed to reviewing treatment of trans youth, Smith says in exclusive interview
In an exclusive interview with CTV News Edmonton on Monday, the premier said a study out of the United Kingdom, the Cass Review, echoes some of her concerns in regards to a lack of scientific rigor when it comes to puberty blockers.
-
Alberta announces wage offer for government workers during collective bargaining
The Alberta government is offering a 7.5-per-cent wage increase in the midst of collective bargaining, with government workers calling for a 26-per-cent bump.
Calgary
-
Academics, rural municipalities raise concerns about Alberta's Bill 18
Alberta legislation pitched to protect provincial priorities could slow down grant funding and allow federal money to be spent elsewhere, say officials representing rural municipalities and faculty members at post-secondary institutions.
-
Okotoks, Alta., family faces limited options as two young children battle rare genetic disorder
A young Okotoks, Alta., family is preparing for a long year ahead, as the first of their two children begins a stem cell transplant they hope will prolong her life.
-
Calgary now has a safe surrender site for babies
The cradle is an anonymous drop-off site where an infant can be left in a heated, secured bed, signalling a silent alarm which informs staff.
Regina
-
Sask. NDP, advocates call for full reopening of Moose Jaw hyperbaric chamber
Moose Jaw's hyperbaric chamber has now partially resumed services after being discontinued in 2021 due pandemic related staffing shortages. However, only one patient is currently being treated leading to criticism over a perceived lack of service.
-
'A sense of urgency': Sask. man accused of abducting daughter calls himself to the stand during trial
Michael Gordon Jackson, the man on trial after being charged with contravention of a custody order for allegedly abducting his daughter in late 2021 to prevent her from getting a COVID-19 vaccine, called himself to the stand Monday.
-
Regina's Jon Ryan to retire a Seahawk
Regina's Jon Ryan is set to sign a one-day contract with the Seattle Seahawks tomorrow officially bringing to an end his pro-football career.
Saskatoon
-
Saskatoon Muslim community mourns teen killed in high-speed crash
Friends are raising money for the grieving family of a 16-year-old Saskatoon boy who was killed in a high-speed crash that injured two other teens on Sunday morning.
-
Sask. struggling to recruit and retain specialists, doctor says
Dr. Ana-Maria Bosonea is the only allergist in Saskatoon seeing children under 12, and now she’s moving to Alberta.
-
Saskatoon residents can expect some odour from city landfill as gas well project expands
The city says there may be some odour emanating from the landfill in the coming weeks as crews dig new gas wells and piping to collect more methane from decomposing waste.
Vancouver
-
B.C. woman facing steep medical bills, uncertain future after Thailand crash
The family of a Victoria, B.C., woman who was seriously injured in an accident in Thailand is pleading for help as medical bills pile up.
-
As B.C. marks grim anniversary, advocates call for more urgent action
Last summer, Jessica Michalofsky ran from Nelson to Victoria, raising awareness about the toxic drug crisis that claimed her son Aubrey’s life. Nearly a year later, she's disappointed by the lack of movement on the crisis, as more families lose loved ones.
-
Diverging views emerge on Vancouver home construction outlook
A Vancouver real estate services firm is pushing back against the widely held view that not enough homes are being built in Metro Vancouver.
Vancouver Island
-
B.C. woman facing steep medical bills, uncertain future after Thailand crash
The family of a Victoria, B.C., woman who was seriously injured in an accident in Thailand is pleading for help as medical bills pile up.
-
B.C. fraudster who lured investors with promise to help homeless fined by securities regulator
A Vancouver woman whose company duped investors by promising big returns on real-estate deals that would house the homeless has been ordered to pay nearly $626,000 after the British Columbia Securities Commission deemed the operation a Ponzi scheme.
-
Arctic and offshore patrol vessel HMCS Max Bernays arrives in CFB Esquimalt
The HMCS Max Bernays made its way into its new home at CFB Esquimalt on Monday after a long journey from Halifax.
