Investigation reveals thousands had info exposed in P.E.I. arts centre data breach

The full impact of a data breach at Prince Edward Island’s largest arts centre is now clear. The results of a recently completed investigation show thousands of people had their personal information exposed.
The cyberattack was first reported by the Confederation Centre of the Arts in January. In February, officials confirmed it was a ransomware attack, which exposed some personal information held on the organization’s servers.
“A ransomware attack is where criminals will encrypt or scramble the data and systems of an organization preventing them from being able to access it or use it, essentially rendering it all useless,” said David Shipley, CEO of New Brunswick-based cybersecurity firm Beauceron. “Then they hold it for an extortion payment.”
The centre did pay a ransom to the attackers, but didn't disclose the amount paid.
The recently completed investigation into the breach found about 3,000 people were exposed, some just names and email addresses, but others had their date of birth and social insurance number exposed.
“The attack basically took down our entire IT infrastructure,” said Jodi Zver, Confederation Centre of the Arts’ chief financial officer. “We had to rebuild everything from the ground up, new servers, new everything. That took a very long time, and until we had that done we didn’t have access to the data that told us whose information was there.”
Officials say the affected people have been contacted, with the highest risk being offered credit monitoring and insurance.
This isn’t the first time something like this has happened in the region. The City of Saint John was hobbled after its information technology systems were targeted by a similar attack.
Experts say municipal governments and small non-profit organizations are easy targets.
“These organizations do not, generally, have IT teams and they certainly don’t have robust cybersecurity in place,” said Shipley. “So if you have the choice between going up against a global bank with a half a billion dollar security budget and few thousand eager cybersecurity professionals, or you can pick on the little kids.”
The Confederation Centre’s new system has improved backups and monitoring, as well as new information management policy.
“We’re not storing people’s personal information,” said Zver. “So if or when this happens again then we’ll be fine because we know the information wasn’t there for them to take.”
Officials say the box office and payroll system was not breached, so stored financial information should have remained secure.
The vast majority of successful cyberattacks are against people, not IT infrastructure. Attacks include getting members of an organization to click on a bad link or login to a fake website. Experts say the only real way to prevent these kinds of attacks is with improved training for staff and better cybersecurity protocols.
Correction
This is a corrected article. A previous version incorrectly stated the Confederation Centre did not pay the attackers a ransom.
CTVNews.ca Top Stories
Feds quietly change rules to allow one-time ArriveCAN exemption at land border crossings
The Canadian Border Services Agency is temporarily allowing fully vaccinated travellers a one-time exemption to not be penalized if they were unaware of the health documents required through ArriveCan.

Prosecutor: Stab attack on Salman Rushdie was 'preplanned'
The man accused in the stabbing attack on Salman Rushdie pleaded not guilty Saturday to attempted murder and assault charges in what a prosecutor called a 'preplanned' crime, as the renowned author of 'The Satanic Verses' remained hospitalized with serious injuries.
Average rent up more than 10% in July from previous year, report says
Average rent in Canada for all properties rose more than 10 per cent year-over-year in July, according to a recent nationwide analysis of listings on Rentals.ca.
More than 10,000 Canadians received a medically-assisted death in 2021: report
More Canadians are ending their lives with a medically-assisted death, says the third federal annual report on medical assistance in dying (MAID). Data shows that 10,064 people died in 2021 with medical aid, an increase of 32 per cent over 2020.
LAPD ends investigation into Anne Heche car crash
The Los Angeles Police Department has ended its investigation into Anne Heche's car accident, when the actor crashed into a Los Angeles home on Aug. 5.
Canadian literary figures double down on free speech following Salman Rushdie attack
Canadian writers, publishers and literary figures doubled down on the right to freedom of thought and expression on Saturday, one day after an attack on award-winning author Salman Rushdie that left him hospitalized and on a ventilator.
FBI seized 'top secret' documents from Trump home
The FBI recovered documents that were labelled 'top secret' from former U.S. President Donald Trump's Mar-a-Lago estate in Florida, according to court papers released Friday after a federal judge unsealed the warrant that authorized the unprecedented search this week.
140 lightning-caused wildfires detected in B.C. over last 3 days, service says
Lightning has sparked more than 100 new wildfires in British Columbia since Wednesday, as thunderstorms rolled through the provincial Interior.
Canadian Blood Services in talks around paid donations of plasma as supply dwindles
Canadian Blood Services says it is in talks with companies that pay donors for plasma as it faces a decrease in collections.