Tag: security breach

City of Hamilton ‘regrets’ exposing emails and names of 450 voters

Post author By Mobile Syrup
Post date 14 October 2022

The City of Hamilton, Ontario experienced a privacy breach, exposing the names and emails of approximately 450 voters. The City’s statement about the breach said it “regrets the error and any distress.”

“Multiple email addresses were inadvertently entered in the to: line of the email instead of the bcc: line, exposing email addresses to all recipients of the email message,” says the cit. This affected all who registered to use the ‘Vote by Mail’ process.

The City of Hamilton sent a follow-up email to the original recipients and said that “immediate steps were taken to recall the message; however, the email was not successfully recalled by all of the recipients,” reports CTV.

The City of Hamilton is aware of a privacy breach regarding personal emails impacting approximately 450 individuals who registered to use the Vote by Mail process. The City regrets the error and any distress that this incident may cause. Read the full statement. pic.twitter.com/ZE6hooze3D

— City of Hamilton (@cityofhamilton) October 14, 2022

Hamilton is also asking those who’ve received the original message to delete it from their inbox and deleted folders.

If you have any complaints about this situation, you can reach out to City Clerk’s Division – here at 905-546-2424 ext. 2743 or email clerk@hamilton.ca.

Source: City of Hamilton, CTV

Tags security breach

Mobile Syrup

Ford government says Ontario vaccine portal is still secure following data breach

Post author By Mobile Syrup
Post date 24 November 2021

The Ontario government says residents should still be confident in the province’s vaccine booking portal, even though the government failed to disclose a suspected security breach that resulted in a police investigation and charges against a government employee.

As reported by CTV News, the Ontario Provincial Police (OPP) cyber crimes unit was “immediately engaged” and quickly started an investigation after learning about the breach on November 17th. The government asked the OPP to investigate after it received reports that residents received spam text messages from people who had scheduled appointments are accessed their vaccine certificates through the provincial vaccine portal.

The spam messages were “financial in nature,” according to Ontario’s Solicitor General, who also said the investigation confirmed that no personal health information was accessed and that the COVID-19 vaccine booking system “remains secure.”

CTV News reports that multiple residents received text messages with either their full names or their children’s full names, all with slightly differing requests.

Investigators executed two search warrants on November 22nd, one in Ottawa and the other in Quebec, related to the security breach. 21-year-old Gloucester resident Ayoub Sayid — who police say was an employee of the Ontario Ministry of Government and Consumer Services in the vaccine contact centre — and 22-year-old Rahim Abdu from Vaudreuil-Dorio, Quebec, were taken into custody and charged with Unauthorized Use of a Computer contrary to s. 342.1(1)(c) of the Criminal Code. The charges have not been proven in court.

Despite the arrests, the Official Opposition has criticized Premier Doug Ford’s government for failing to notify the public. Instead, concerned residents shared reports about the breach on social media, and the Ford government only confirmed it after inquiries from the media.

“The government knew this was happening and they chose to keep it under wraps,” said NDP leader Andrea Horwath.

Source: CTV News

Tags Data breach, Doug Ford, Ontario, security breach, vaccine portal

Mobile Syrup

Twitch confirms passwords weren’t exposed in October 6th security breach

Post author By Mobile Syrup
Post date 16 October 2021

Amazon-owned Twitch, a popular streaming service, has confirmed that passwords weren’t exposed in the recent data breach that saw the platform’s source code leaked online.

In an update posted on October 15th, Twitch explained that it is “confident” that attackers didn’t access the systems that store Twitch login credentials. It also confirmed that attackers didn’t access full credit card numbers or bank information.

On October 6th, a massive trove of Twitch data was made available for download online. The data included Twitch source code, creator payout information, an unreleased competitor to Steam (a popular platform for buying PC games) and more.

Twitch later confirmed the leak, and in the latest update, provided some more information about the data exposed by the security breach:

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.”

Twitch previously blamed the breach on an error in a “server configuration change” and said it had reset all stream keys “out of an abundance of caution.”

The Verge notes that sources have spoken out about Twitch, accusing the company of poor security practices. Further, the sources claimed that Twitch experienced a security problem in 2017 but didn’t report it.

Source: Twitch Via: The Verge

Tags data, information, passwords, security breach, twitch, update