Ontario family agency hit by ransomware, says no data was stolen

A Southern Ontario charity that offers family services is urging clients not to respond to emails threatening to release personal information after the agency was hit by ransomware last month.

Social Enterprise for Canada (SEC) says despite the fact that its systems were encrypted by the attackers, so far there is no evidence data was copied, so the threat is empty.

In an interview this morning, SEC chief executive Patricia Cousins said the Toronto-area agency only has general information on clients and no information that would be considered highly confidential.

The attack started November 23rd, she said, when some of the servers supporting SEC’s email and IT systems were encrypted.  It escalated December 1st when attackers emailed  some clients saying the agency had been compromised and threatening to release their personal information unless they clicked on a link.

Fortunately, she said, thanks to help from technicians at Check Point Software, access to the servers was restored quickly.

“We haven’t found any data was copied, which we’re quite relieved about. We’ve asked Check Point to do the best search they can, but on the first scan it looks very positive that we didn’t have a data loss. We did, however, have our email compromised.”

Security experts say that threat actors can do a lot of damage by having only names and email messages of people by sending messages with spam, particularly if they can convince victims to click on a link from what they believe is a trusted source.

“That’s why we put the press release out,” Cousins said. “We want people to be aware this has happened to us and to be cautious.”

Cousins couldn’t immediately recall the strain of the ransomware, but has been told it was “highly sophisticated.”

SEC is still investigating the cause of the attack, Cousins said, but she suspects one of the agency’s full or part-time staff clicked on a link in an email.

“In the weeks preceding the attack we got an awful lot of phishing email. We’ve seen a lot of spoofed email that looks like internal [messages], so we’ve been trying to educate our team to watch out.”

The agency is “tiny,” she said, with about 40 full-time and 20 part-time staff. “We were surprised that we would have been targeted,” she said, “but I guess it doesn’t matter”

Social Enterprise for Canada is a charitable agency serving families, children, and newcomers in Toronto and the surrounding regions of York, Peel, Durham, and Simcoe with a range of services. That includes local, provincial and federally-funded programs such as  day-care, early parenting advice and helping newcomers settle in the region. It serves up to 15,000 individuals a year.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.