The City of Toronto says it suffered a “potential cyber breach” from a hack of data from use of its Accellion FTA file transfer server in January that may have involved the health information of individuals.
In its initial statement today, the city said it was notified of a potential cyber breach related to an unnamed third-party file transfer software vendor on Jan. 22. City staff later confirmed to IT World Canada that the incident involved Accellion.
The city realized on Jan. 22 there was an issue. Asked why it took until now to publicly reveal the incident, a city spokesperson said the office of the CISO has been investigating and only issued a report on April 20.
“It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required,” the spokesperson said.
Exactly how many people’s personal information was exposed is still being investigated, the spokesperson added.
“The city has not received any ransom demand and we are also not aware that any individual has received a ransom demand as a result of this breach,” she added.
In its statement, the city said it “took immediate action and shut down access to the software that day, and the city’s chief information security officer immediately launched an investigation to determine the type of data that may have been compromised.”
The city has reported the breach to the provincial Information and Privacy Commissioner and will communicate with any individuals whose information may have been breached.
“The city is obligated to notify the IPC in any instances where personal health information is impacted,” the spokesperson said in an email. “The IPC was notified because there is the potential that personal health information was accessed.”
“The City of Toronto successfully wards off cyber attacks on a daily basis and is committed to protecting the privacy and security of Torontonians whose information is in its care and control,” says the April 30 news release from the city.
In February, cybersecurity agencies across five countries issued a global alert to organizations using the Accellion FTA file transfer application after a number of organizations at the start of the year admitted to being hacked through vulnerabilities in the software.
Publicly identified victims include energy producer Shell, Canadian business jet manufacturer Bombardier and the pharmacy operations of the U.S. Kroger supermarket chain.
According to an analysis by FireEye, a threat group leveraging vulnerabilities in FTA is using the dark web site of the Clop ransomware to post evidence to organizations they’ve been hit and demand a ransom to prevent copied data from being publicly released.