One of Ontario’s biggest cities is in the second day of dealing with a cyber attack.
Hamilton, a municipality of about 570,000 on the shore of Lake Ontario, said Sunday it had suffered a city-wide phone and email “disruption” to municipal and public library services, which included the Bus Check Info Line and the HSRNow transit planning app.
Today, the city’s description of the problem changed from a disruption to a cyber incident.
Buses started as scheduled Monday, and transit schedules are available on the city’s website.
“At this time experts are actively responding to the incident to determine the cause and potential impacts,” the city said in a news release Monday on its website. “Our priority is to safeguard the integrity of our systems and protect any sensitive or private information.
“While the investigation is ongoing, we want to assure the community that we are taking this matter seriously and are collaborating closely with cybersecurity experts and relevant authorities to address the issue as quickly and effectively as possible.
“We understand the importance of transparency and will provide updates as new information becomes available. We apologize for any inconvenience caused by this incident.
“The City remains committed to protecting the privacy and security of our community while managing impacts to City service levels.”
Threat actors may target provincial, state, and local governments for several reasons: Generally their IT departments are less well-funded than national governments and may be less well defended. Threat actors may also believe local governments are susceptible to paying ransoms for access to stolen data because they are responsible to taxpayers.
Experts also say some attacks are just opportunistic — that is, a hacker finds an IT system vulnerable to an attack and takes advantage of the opening.
A report last year by cybersecurity awareness training supplier KnowBe4 on the economic impact of cyber attacks on U.S. municipalities noted getting into the network in the first place is often done with low-tech phishing emails.
The City of Toronto’s public library system is only now in the final stages of recovering from a ransomware attack last October. It has been forced to rebuild its network. The names, Social Insurance numbers and other information of employees going back to 1998 was copied by the attacker.
