Following a tumultuous week that saw both its leader and its president resign in the face of allegations of sexual misconduct, the Ontario Progressive Conservative Party may now face a cyber security crisis.
According to a report on CP24.com, the PC Party’s database has been hacked. This database could contain the names, phone numbers, and other personal information of more than 1 million eligible voters in Ontario, in addition to that of party supporters, donors, and campaign volunteers.
In a statement, the PC Party tells CP24 that a vulnerability was discovered in its network in early November. That vulnerability was used “to access and encrypt four servers. As per the ransomware note, the attack was non-specific to the PCPO (PC Party of Ontario).”
The vendor responsible for managing the Party’s servers immediately quarantined the affected servers, the statement continues. Then backups were restored. Logs indicate no data was stolen. The party uses the Constituent Information Management System (CIMS) to track its database, a common software used by Canadian political parties.
On Twitter, Canadian privacy lawyer and blogger David Fraser commented on the story, saying there is no statue in Ontario that requires political parties to safeguard personal information.
Not to pick nits, @alexboutilier , but in Ontario there are NO statutes that require political parties to safeguard personal information. https://t.co/d4DoTRHiMm
— David T.S. Fraser (@privacylawyer) January 29, 2018
