The City of Toronto says it suffered a “potential cyber breach” from a hack of data from use of its Accellion FTA file transfer server in January that may have involved the health information of individuals.
In its initial statement today, the city said it was notified of a potential cyber breach related to an unnamed third-party file transfer software vendor on Jan. 22. City staff later confirmed to IT World Canada that the incident involved Accellion.
The city realized on Jan. 22 there was an issue. Asked why it took until now to publicly reveal the incident, a city spokesperson said the office of the CISO has been investigating and only issued a report on April 20.
“It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required,” the spokesperson said.
Exactly how many people’s personal information was exposed is still being investigated, the spokesperson added.
“The city has not received any ransom demand and we are also not aware that any individual has received a ransom demand as a result of this breach,” she added.
In its statement, the city said it “took immediate action and shut down access to the software that day, and the city’s chief information security officer immediately launched an investigation to determine the type of data that may have been compromised.”
The city has reported the breach to the provincial Information and Privacy Commissioner and will communicate with any individuals whose information may have been breached.
“The city is obligated to notify the IPC in any instances where personal health information is impacted,” the spok ..
Support the originator by clicking the read the rest link below.
