City of Toronto Hit by a Potential Cyber Breach


A possible cyber breach from a third-party data transfer software supplier was reported by the City of Toronto on 22nd January 2021. The City took effective measures to halt all the applications that day, while research was promptly initiated by the Chief Information Security Officer of the City to assess the types of data potentially breached. 

The City has documented the infringement to the Commissioner for Information and Privacy of Ontario and had further interacted with everyone whose information might be infringed. Also, additional jurisdictions or organizations in Ontario and across the globe recently reported that this sort of cyber-breach has also affected them. 

The City of Toronto claims that in January, there was a "potential cyber breach" of data on its Accellion FTA file transmission servers that could include individual health details. 

Later, IT World Canada was assured by City workers that Accellion was involved. There had been a problem in the city on January 22nd. A city spokesperson said that the CISO office was examining and released a report only on the 20th of April, on being asked why and how the event had taken until now to be made public – “It takes time to reach any sort of conclusion given the legacy system that was breached, and the extent of investigation required,” the spokesperson said. 

The representative added that they are still investigating exactly how many folk details were revealed. In addition, the city hasn't submitted a ransom application and it is not known either that if a ransom demand has been obtained as a consequence of this violation. 

In its statement, the city said it “took immediate action and shut down access to the software that day, and the city’s chief information security officer immediately launched an investigation to determine the type of data that may have been compromised.” 

In all cases whereby personal health data are affected, the city must notify the IPC. The IPC has been informed since personal health information is potentially accessible. In its attempts to safeguard the privacy and welfare of Toronto people, Toronto has effectively stopped cyber threats regularly. 

In February, cybersecurity agencies across five countries released a global warning to organizations that have transferred their Accellion FTA files after several organizations have admitted that bugs in the program are being compromised at the beginning of this year. Publicly known victims include Shell, the oil supplier, Bombardier, and the pharmaceutical operation of the US retail chain, the Canadian company jet maker.