Email hack may have revealed personal information, B.C. city warns residents

A British Columbia municipality is warning residents that some of their personal information may be in the hands of hackers after the compromise of the city’s email system.

Richmond, a city of about 231,000 in the greater Vancouver area, gave that warning last week after learning fraudulent emails were being sent in June from individuals claiming to be members of the municipality’s staff or the city-owned Gateway Theatre. This related to the discovery on June 7th of what the city calls “unusual and concerning activity in its information technology environment.”

“While the city is unable to ascertain the exact types of personal information impacted by the attack, we are proceeding on the premise that some users may have shared personal information in their email communications with the city or Gateway Theatre,” the municipality said in a statement on its website. “This could include facility and program participant information such as contact details and birth dates; permit and licence applicant information such as home addresses and telephone numbers; among other types of personal information which may be submitted by the public through the course of routine business.

“Because the fraudulent email messages may contain a fake PDF file attachment or a link to a website that may be used to spread malware to harm your device and/or computer network, residents are urged not to click on any attachments or links in suspect emails.”

All official city or Gateway Theatre communications will only come from an official @richmond.ca or @gatewaytheatre.com e-mail address, the statement emphasizes.

“There is no indication the attack accessed the city’s financial or human resources data, or any other enterprise systems or databases,” the statement adds. “City operations have not been impacted and business continues as normal.”

The attack has been reported to the RCMP and the Office of the Information and Privacy Commission of B.C..

Experts warn that attackers don’t have to break into an organization’s files servers to get valuable information. Sometimes customers include personal information in emails to organizations. In addition staff may send sensitive personal and corporate information to each other either in messages or attachments. Hackers may also take advantage of their access to an email system to send malicious email from an employee so it looks legitimate, or insert themselves into an email conversation to get information. For these reasons access to email systems have to be protected with multi-factor authentication, and, if necessary, encryption.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs