Investigation reveals thousands had info exposed in P.E.I. arts centre data breach

The full impact of a data breach at Prince Edward Island’s largest arts centre is now clear. The results of a recently completed investigation show thousands of people had their personal information exposed.
The cyberattack was first reported by the Confederation Centre of the Arts in January. In February, officials confirmed it was a ransomware attack, which exposed some personal information held on the organization’s servers.
“A ransomware attack is where criminals will encrypt or scramble the data and systems of an organization preventing them from being able to access it or use it, essentially rendering it all useless,” said David Shipley, CEO of New Brunswick-based cybersecurity firm Beauceron. “Then they hold it for an extortion payment.”
The centre did pay a ransom to the attackers, but didn't disclose the amount paid.
The recently completed investigation into the breach found about 3,000 people were exposed, some just names and email addresses, but others had their date of birth and social insurance number exposed.
“The attack basically took down our entire IT infrastructure,” said Jodi Zver, Confederation Centre of the Arts’ chief financial officer. “We had to rebuild everything from the ground up, new servers, new everything. That took a very long time, and until we had that done we didn’t have access to the data that told us whose information was there.”
Officials say the affected people have been contacted, with the highest risk being offered credit monitoring and insurance.
This isn’t the first time something like this has happened in the region. The City of Saint John was hobbled after its information technology systems were targeted by a similar attack.
Experts say municipal governments and small non-profit organizations are easy targets.
“These organizations do not, generally, have IT teams and they certainly don’t have robust cybersecurity in place,” said Shipley. “So if you have the choice between going up against a global bank with a half a billion dollar security budget and few thousand eager cybersecurity professionals, or you can pick on the little kids.”
The Confederation Centre’s new system has improved backups and monitoring, as well as new information management policy.
“We’re not storing people’s personal information,” said Zver. “So if or when this happens again then we’ll be fine because we know the information wasn’t there for them to take.”
Officials say the box office and payroll system was not breached, so stored financial information should have remained secure.
The vast majority of successful cyberattacks are against people, not IT infrastructure. Attacks include getting members of an organization to click on a bad link or login to a fake website. Experts say the only real way to prevent these kinds of attacks is with improved training for staff and better cybersecurity protocols.
Correction
This is a corrected article. A previous version incorrectly stated the Confederation Centre did not pay the attackers a ransom.
CTVNews.ca Top Stories

Short-term rental tax changes left out of Freeland's bill to implement fiscal update measures, here's why
Finance Minister Chrystia Freeland will be tabling an omnibus bill to pass measures she promised in last week's fall economic statement. Missing from the package are the government's promised plans to crack down on short-term rentals, while the Liberal promise to double the carbon tax rural rebate top-up, is included.
Andre Dawson wants the Expos baseball cap taken off his Hall of Fame plaque
Andre Dawson wants to be immortalized in the Baseball Hall of Fame as a Chicago Cub – not a Montreal Expo.
Alberta town to put proposed bylaw banning symbols such as Pride crosswalks, flags to plebiscite
A group in Westlock, Alta., is trying to ban crosswalks painted in rainbow colours and other symbols.
Full parole granted to SUV passenger convicted in Calgary police officer's death
A man convicted of manslaughter for his role in the death of a Calgary police officer almost three years ago has been granted full parole.
Chicago Blackhawks to terminate Corey Perry's contract after finding 'unacceptable' conduct
The Chicago Blackhawks said Corey Perry engaged in unacceptable conduct and took a step Tuesday toward terminating his contract, the latest twist involving the veteran winger who was mysteriously scratched and sent home last week without explanation.
Poilievre calling on 'unelected' Senate to 'immediately' pass farm fuels carbon tax bill
Conservative Leader Pierre Poilievre is pushing for MPs to call on senators to 'immediately' pass a bill that would exempt certain farm fuels from the carbon price.
French police arrest yoga guru accused of exploiting female followers
French authorities arrested the leader of a multinational tantric yoga organization Tuesday on suspicion of indoctrinating female followers for sexual exploitation.
With deadline looming, diplomats seek to extend Gaza truce; more hostages, prisoners are freed
Hamas and Israel released more hostages and prisoners under terms of a fragile cease-fire that held for a fifth day Tuesday as international mediators in Qatar worked to extend the truce and the United States urged Israel to better protect Palestinian civilians in Gaza if it follows through on its promise to resume the war.
All 41 workers rescued from collapsed tunnel in India after 17-day ordeal
Rescuers in northern India have successfully removed all 41 workers trapped in a collapsed tunnel under the Himalayas, the climax of a 17-day rescue operation to drill through rock and debris.