Richmond Hill discovers data breach that exposed residents' information
No indication personal information was misused, town says
Yorkregion.com
Feb. 22, 2018
Kim Zarzour
About 35,000 people are being advised that some of their contact information was mistakenly exposed on the internet by the Town of Richmond Hill.
A letter was distributed this week to individuals who use the town’s contact centre, Access Richmond Hill, for service request inquiries such as road maintenance and garbage pickup.
The information -- names, addresses, telephone numbers and email addresses -- were available to online search engines between Oct. 3 to 13 before the town learned of the breach and took steps to correct it, according to town spokesperson Meeta Gandhi.
The problem came to light Oct. 13 after a person randomly searched his/her name online and discovered it associated with the town’s database. Soon after, other people also contacted the town and by Oct. 15, the error was shut down, she said.
The municipality had recently changed its customer relationship management system and, apparently, a configuration error occurred when data migrated to the new system.
“We dug deeply, it was all hands on deck until we figured out what the problem was.”
A forensic investigation determined that no other personal information, beyond names, addresses, phone numbers and email addresses, had been revealed, and the town has not received any complaints about the breach, she said.
It is not known how many residents had their information exposed, and there has been no indication the information was used in any way, but “in an abundance of caution”, Gandhi said, 35,000 letters were sent out.
“That data was in our guardianship and we thought it was our responsibility to do our due diligence to inform.”
The town has notified the Information and Privacy Commissioner of Ontario about the incident and implemented additional security to protect all information at the contact centre database, according to the letter sent out this week.
No cost has yet been determined for the data error, Gandhi said, but insurance will cover “a good portion."
Those with questions are asked to call the dedicated contact centre at 888-289-2029, Monday through Friday, 9 a.m. to 9 p.m.
Richmond Hill discovers data breach that exposed residents' information
No indication personal information was misused, town says
Yorkregion.com
Feb. 22, 2018
Kim Zarzour
About 35,000 people are being advised that some of their contact information was mistakenly exposed on the internet by the Town of Richmond Hill.
A letter was distributed this week to individuals who use the town’s contact centre, Access Richmond Hill, for service request inquiries such as road maintenance and garbage pickup.
The information -- names, addresses, telephone numbers and email addresses -- were available to online search engines between Oct. 3 to 13 before the town learned of the breach and took steps to correct it, according to town spokesperson Meeta Gandhi.
The problem came to light Oct. 13 after a person randomly searched his/her name online and discovered it associated with the town’s database. Soon after, other people also contacted the town and by Oct. 15, the error was shut down, she said.
The municipality had recently changed its customer relationship management system and, apparently, a configuration error occurred when data migrated to the new system.
“We dug deeply, it was all hands on deck until we figured out what the problem was.”
A forensic investigation determined that no other personal information, beyond names, addresses, phone numbers and email addresses, had been revealed, and the town has not received any complaints about the breach, she said.
It is not known how many residents had their information exposed, and there has been no indication the information was used in any way, but “in an abundance of caution”, Gandhi said, 35,000 letters were sent out.
“That data was in our guardianship and we thought it was our responsibility to do our due diligence to inform.”
The town has notified the Information and Privacy Commissioner of Ontario about the incident and implemented additional security to protect all information at the contact centre database, according to the letter sent out this week.
No cost has yet been determined for the data error, Gandhi said, but insurance will cover “a good portion."
Those with questions are asked to call the dedicated contact centre at 888-289-2029, Monday through Friday, 9 a.m. to 9 p.m.