Town of Banff employee information may have been hacked in cybersecurity breach


“As soon as we have additional information, we will update the public accordingly,” City Manager Kelly Gibson said.

BANFF – The personal information of employees of the town of Banff may have been accessed during the recent cybersecurity attack on the municipality.

The Town of Banff still does not say if anyone threatened to sell or release any data accessed during the March 19 hacking incident as part of a ransom demand.

Administrative officials say the goal is to be as transparent as possible, but it will take time to compile, verify and publish the information as the cybersecurity investigation continues.

“As soon as we have additional information, we will update the public accordingly,” City Manager Kelly Gibson said.

“This is an ongoing investigation and we have a large amount of data that we are reviewing at this time.”

Based on the new results of the ongoing investigation, Town administrators say there is a risk that some personal information of Town of Banff employees may have been accessed by the unauthorized third party.

Jason Darrah, director of communications, said the information the Town of Banff collects for payroll, benefits and tax purposes contains more detailed personal information than anything the town collects from members. of the public for the programs.

He said it is not yet known if this personal information was taken and that there is currently no evidence of any misuse of this personal information, but the City offers a credit monitoring service to all employees because of the risk of identity theft.

“Protecting the personal information of employees and the people we serve is critical to the city, so this news of a potential risk to our staff is very concerning,” Darrah said.

Municipalities can be prime targets for cybersecurity hackers because their cyber defenses are not as sophisticated as larger levels of government. Attackers believe cities and towns may be more willing to pay ransoms than other organizations due to the amount of personal information they hold.

Banff City Council was briefed on the cybersecurity situation during closed meetings.

After a one-and-a-half-hour closed meeting on April 5, council approved a confidential motion by a 5-2 vote. There were no details on what the motion was about, other than is to say: “confidential recommendation 1 contained in the confidential distribution”.

Councilors Hugh Pettigrew and Ted Christensen voted against the motion, while Mayor Corrie DiManno and councilors Chip Olver, Grant Canning, Kaylee Ram and Barb Pelham were in favour.

Following another closed meeting on April 11, the board approved another confidential recommendation, but this time unanimously.

The Town of Banff cited Section 24 (opinion of officials), Section 25 (disclosure harmful to the economic and other interests of a public body) and Section 27 (inside information) of access to Information and Protection of Privacy (FOIP) as grounds for keeping the motion confidential.

These sections of FOIP, however, do not require the board to keep matters private, but rather state that they may keep them confidential. Although more common in larger cities, confidentiality of motions was not a common practice of Banff Council until more recently.

“According to FOIP, the municipality ‘may’ keep a recommendation confidential, to give elected officials the opportunity to discuss and make recommendations on sensitive matters,” Darrah said.

Longtime Banff resident Lee O’Donnell asked council about the cybersecurity incident during the public portion of the April 11 meeting.

He said the public is very interested in hearing more details about the level of exposure due to the data breach, including when the public will be updated.

“The audience is aware that something has happened and over time they are unaware of what has happened that creates….” he said.

Mayor Corrie DiManno chimed in: “We will give another update as soon as we have the information available.”

The threat of cybersecurity is a growing challenge for municipalities.

In April of last year, the Resort Municipality of Whistler (RMOW) in British Columbia hosted an event on cybersecurity.

As a result, non-essential municipal services in Whistler were suspended when email, phone, network services and the website went offline and remained unavailable for weeks. Critical infrastructure such as water and sewer, and emergency systems such as 911 and the fire department were secure and operating normally.

After a months-long investigation in cooperation with cybersecurity experts, Whistler found no evidence that any private personal information from the public was obtained by criminals during the cybersecurity incident.

However, according to a July 8, 2021 press release, the cybercriminals obtained the contents of the personal drives on the employees’ computers, which were drives on the municipality’s network where employees could store personal information as part of the RMOW electronic communications procedure.

The municipality reported that experts leading the cybersecurity investigation believe cybercriminals gained access to the RMOW’s network through a zero-day vulnerability, which is an unknown software flaw that is taken advantage of before a fix is ​​released. available.

“The RMOW also reported that it did not receive a ransom demand, and did not make any payments or engage in dialogue with the cybercriminals,” the municipality said in the press release.

Also in 2021, the Regional Municipality of Durham in Ontario, which provides regional services to eight local municipalities north of Lake Ontario, including the City of Oshawa, reported being the victim of a cybersecurity incident.

In 2018, two small towns in Ontario, Wasaga Beach and Midland, paid ransom demands to recover data after anonymous hackers held their computer systems hostage for more than two days. Wasaga Beach paid $35,000, while Midland did not disclose the amount paid.

Alberta Municipalities, formerly the Alberta Urban Municipalities Association, recently commissioned Ontario-based Stratejm to write a report on cybersecurity best practices for members, given the growing threat of cybersecurity incidents. .

In addition to the benefits offered by technology in local governments to help improve services and programs for residents, digital transformation activities have introduced vulnerabilities that hackers can exploit to cause a data breach.

According to the Alberta Municipalities report, local governments most often fail to implement security controls when connecting to a computer network or the Internet.

“Indeed, the absence of adequate security protocols results in weak municipal systems that hackers can easily exploit to take control of systems, knock out utilities, and steal confidential information,” the report said.

Hackers use a wide range of tactics and threats to target people, processes and technology in municipalities: ransomware attacks, unpatched devices, malware, business email compromise, distributed denial of service, social engineering and insider threats.

It is not known at this point how or in what manner the pirates attacked the town of Banff.

According to the Alberta Municipalities Report, municipalities are experiencing many impacts from the increasing rate of cyberattacks against organizations.

“A data breach results in financial loss due to recovery costs and ransoms,” the report said. “Furthermore, resolving a data breach can take days or even months. Sometimes the victim may never fix the flaw and hackers put government and personal data on the black market.

The AUMA report recommends a range of best practices for municipalities to follow – from updating and patching systems and data encryption, to awareness training and installing security tools, to monitoring access, ongoing monitoring, cybersecurity policies and procedures, system and data backups and partnering with a managed security service provider.

The report concluded that the threat of a cybersecurity incident is a “growing challenge with no definitive solution”. For municipalities, cyberattacks can disrupt operations, put residents’ information at risk, and compromise critical infrastructure such as water, transportation, and waste management.

“The problem is now at the forefront as municipal governments across Canada and around the world fall victim to frequent and sophisticated cybersecurity incidents,” the report said.

But there is no one-size-fits-all solution to all safety issues, according to Alberta municipalities.

“Fortunately, talking about the challenges, sharing past experiences with cyber incidents and developing a wide range of best practices is the proven method for dealing with cyber threats in municipalities,” according to the report.

In Banff’s case, a team of independent cybersecurity experts from KPMG was tasked with helping the municipality address the issue. The RCMP was notified and the Privacy Commissioner of Alberta was also alerted.

While there are no specific details about what kind of security the Town of Banff had or is putting in place, administrators say the Town of Banff is committed to ensuring the data security and conducts a thorough review of all systems data and security protocols.

“Our IT team and contracted cybersecurity experts also continue to harden the security of all of our systems and processes to protect against future incidents, while the investigation into the breach and its risks continues,” Darrah said.

Following the incident, the Town of Banff maintained access to its data and information systems at all times and the town’s critical systems were not impacted, such as those in place for response emergency like the Banff Fire Department. Infrastructure such as water and sewage has also been secured and is functioning normally.

However, some of the non-essential systems in the Town of Banff were affected, such as the webcams, for example. The parking permit renewal system has also been temporarily halted.

Another example is that the developer license viewer is currently offline. It is a web-based application maintained on City of Banff facility systems and as such was disconnected from public web access immediately when unauthorized access to computer systems was detected.

Darrah said it was part of the security process to shut down all access to city systems.

“As the cybersecurity investigation continues, our web systems are gradually being reconnected to public access, following the installation of security enhancements, in order of priority,” he said.

“Systems like public street webcams and the development permit viewer are lower priorities.”


Comments are closed.