Investigation reveals thousands had info exposed in P.E.I. arts centre data breach
The full impact of a data breach at Prince Edward Island’s largest arts centre is now clear. The results of a recently completed investigation show thousands of people had their personal information exposed.
The cyberattack was first reported by the Confederation Centre of the Arts in January. In February, officials confirmed it was a ransomware attack, which exposed some personal information held on the organization’s servers.
“A ransomware attack is where criminals will encrypt or scramble the data and systems of an organization preventing them from being able to access it or use it, essentially rendering it all useless,” said David Shipley, CEO of New Brunswick-based cybersecurity firm Beauceron. “Then they hold it for an extortion payment.”
The centre did pay a ransom to the attackers, but didn't disclose the amount paid.
The recently completed investigation into the breach found about 3,000 people were exposed, some just names and email addresses, but others had their date of birth and social insurance number exposed.
“The attack basically took down our entire IT infrastructure,” said Jodi Zver, Confederation Centre of the Arts’ chief financial officer. “We had to rebuild everything from the ground up, new servers, new everything. That took a very long time, and until we had that done we didn’t have access to the data that told us whose information was there.”
Officials say the affected people have been contacted, with the highest risk being offered credit monitoring and insurance.
This isn’t the first time something like this has happened in the region. The City of Saint John was hobbled after its information technology systems were targeted by a similar attack.
Experts say municipal governments and small non-profit organizations are easy targets.
“These organizations do not, generally, have IT teams and they certainly don’t have robust cybersecurity in place,” said Shipley. “So if you have the choice between going up against a global bank with a half a billion dollar security budget and few thousand eager cybersecurity professionals, or you can pick on the little kids.”
The Confederation Centre’s new system has improved backups and monitoring, as well as new information management policy.
“We’re not storing people’s personal information,” said Zver. “So if or when this happens again then we’ll be fine because we know the information wasn’t there for them to take.”
Officials say the box office and payroll system was not breached, so stored financial information should have remained secure.
The vast majority of successful cyberattacks are against people, not IT infrastructure. Attacks include getting members of an organization to click on a bad link or login to a fake website. Experts say the only real way to prevent these kinds of attacks is with improved training for staff and better cybersecurity protocols.
Correction
This is a corrected article. A previous version incorrectly stated the Confederation Centre did not pay the attackers a ransom.
CTVNews.ca Top Stories
From outer space? Sask. farmers baffled after discovering strange wreckage in field
A family of fifth generation farmers from Ituna, Sask. are trying to find answers after discovering several strange objects lying on their land.
Broadcaster and commentator Rex Murphy dead at 77: National Post
The National Post is reporting that Rex Murphy, the pundit and columnist who hosted a national call-in radio show for decades, has died.
Pearson gold heist suspect arrested after flying into Toronto from India
Another suspect is in custody in connection with the gold heist at Toronto Pearson International Airport last year, police say.
Millions of cyberattacks per hour as B.C. government investigates multiple breaches
Careful attention to government statements and legislation is required to get a handle on the level of risk British Columbians’ information is under, as investigators probe multiple breaches under a continued barrage of attacks.
Ontario family receives massive hospital bill as part of LTC law, refuses to pay
A southwestern Ontario woman has received an $8,400 bill from a hospital in Windsor, Ont., after she refused to put her mother in a nursing home she hated -- and she says she has no intention of paying it.
Debate on abortion rights erupts on Parliament Hill, Poilievre vows he won't legislate
A Conservative government led by Pierre Poilievre would not legislate on, nor use the notwithstanding clause, on abortion, his office says, as anti-abortion protesters gather on Parliament Hill.
Justin and Hailey Bieber are expecting their first child together
Hailey and Justin Bieber are going to be parents. The couple announced the news on Thursday on Instagram, both sharing a video that showcases Hailey Bieber's growing belly.
Here are the ultraprocessed foods you most need to avoid, according to a 30-year study
Studies have shown that ultraprocessed foods can have a detrimental impact on health. But 30 years of research show they don’t all have the same impact.
New 'Lord of the Rings' film coming in 2026
The Oscar-winning team behind the nearly US$6 billion blockbuster 'Lord of the Rings' and 'The Hobbit' trilogies is reuniting to produce two new films.