|

Hacking: 1) Interference Inquiry Must Walk Very Fine Line On Secrecy, Transparency: Commissioner; 2) Town Of Huntsville Confims It Was Hit By A Ransomeware Attack; 3) Giant Tiger Customer Data Compromised In Incident With Third-Party Vendor

1) Interference Inquiry Must Walk Very Fine Line On Secrecy, Transparency: Commissioner;

Courtesy of Barrie360.com and Canadian PressPublished: Mar 27th, 2024

By Jim Bronskill

The head of an inquiry into foreign interference emphasized Wednesday that the need for secrecy about the sensitive subject has not hindered her work to date.

Commissioner Marie-Josée Hogue cautioned, however, that the inquiry must walk a very fine line in balancing confidentiality and the desire for transparency.

Hogue’s remarks came as the commission began two weeks of hearings into foreign meddling allegations and how the federal government responded to them. 

The hearings will focus on possible interference by China, India, Russia and others in the last two general elections. 

The inquiry expects to hear from dozens of people, including diaspora community members, political party representatives and federal election officials.

The inquiry held an initial set of hearings in late January and early February to solicit ideas on how to publicly disclose as much information as possible.

Even so, Hogue said recently she had agreed to a federal request to present some evidence in the absence of other participants and the public.

In her remarks Wednesday, Hogue stressed that confidentiality related to national security issues has in no way impaired her ability to search for the truth.

The commission has had access to a large number of classified documents in their entirety, meaning they were not redacted to protect national security, Hogue said.

“In fact, confidentiality imperatives have so far not prevented us from doing the work we have been tasked to do,” she said.

“But they do pose real difficulties as I endeavour to keep the process transparent and open. The commission must walk a very fine line in its work.”

People often react with suspicion when secrecy shields information held by the government, Hogue said in French. “Yet it is undeniable that there is a strong public interest in maintaining at least some forms of government secrecy.”

The initial hearings showed that withholding certain types of information may be essential for Canada to conduct activities vital to national security and international commitments, Hogue added.

The preliminary hearings also revealed this is particularly true in the area of foreign interference, since “sophisticated foreign state actors” may be engaged in collecting information about Canada and its citizens, she said.

“In this context, information that could reveal the sources of intelligence, methods of collection or the targets of investigations is particularly sensitive,” Hogue said.

“The disclosure of such information to hostile actors could cause serious harm, both to Canadian citizens and to Canada as a whole.”

2) Town Of Huntsville Confims It Was Hit By A Ransomeware Attack

Courtesy of Barrie360.com

Ian MacLennanPublished: Mar 27th, 2024

The town of Huntsville has shared more details about a cybersecurity incident earlier this month.

The Muskoka community says it was hit on March 10 by a ransomware attack, in which vital digital information is held hostage for payment.

Denise Corry, the town’s chief administrative officer, says an “unauthorized user” infiltrated the town’s systems and data was compromised. 

It’s still not clear if the compromised date includes personal information.

Services are still in the process of being restored, and officials say the town has reviewed and strengthened its systems to mitigate future risk.

The attack in Huntsville came two weeks after officials in Hamilton learned of a similar cybersecurity incident targeting that city.

3) Giant Tiger Customer Data Compromised In Incident With Third-Party Vendor

Courtesy Barrie360.com and Canadian PressPublished: Mar 25th, 2024

By Tara Deschamps

Giant Tiger Stores Ltd. says contact information for some of its customers was compromised in an “incident” linked to a third-party vendor it uses.

Alison Scarlett, a spokesperson for the Ottawa-based discount retailer, would not name the vendor on Monday but said Giant Tiger uses the company to manage its customer communications and engagement.

Giant Tiger is working hard to resolve the issue “as quickly and openly as possible,” Scarlett said.

“We deeply regret that the incident occurred and remain committed to employing best practices to prevent these types of incidents,” she wrote in an email to The Canadian Press.

The breach impacting Giant Tiger is the latest in a string of cybersecurity incidents to hit Canadian organizations. Indigo Books & Music, the LCBO, the Nova Scotia government, the Toronto Public Library and the City of Hamilton in Ontario have all fallen victim to cyber incidents over the last two years.

A web page Giant Tiger set up to provide updates on the incident said the retailer first learned of “a possible security incident” on March 4. By March 15, it had become clear customer information was involved.

“An unauthorized third party was able to obtain copies of information about our customers,” the company said.

An email about the incident sent to affected customers shows those who subscribe to Giant Tiger emails or have an account with its website may have had their name and email address compromised. 

Members of its GT VIP loyalty program along with customers who placed orders that were picked up at a local store may have had their names, emails and phone numbers compromised.

Names, email addresses, home addresses and phone numbers for anyone who ordered products for home delivery may also have been part of the breach.

No payment information or passwords were part of the data compromised, said Scarlett. Giant Tiger store systems and applications were also unaffected.

There is no evidence so far that any information that was compromised has been misused, Scarlett added.

However, Giant Tiger has begun contacting customers about the incident, urging them to exercise caution when opening emails and receiving phone calls that appear to come from the retailer.

“Fraudsters can manipulate the sender’s email address or outgoing phone number to make you believe that the email or text you are receiving is from a legitimate source,” Giant Tiger’s email to customers warned.

“Be particularly vigilant when communications request your personal information, payment information or passwords. Giant Tiger will never ask you for your payment information and password, and we only request personal information if you initiated contact with us. For example, we may ask you to confirm your identity if you call our customer service team.”

The company also told customers they can contact Giant Tiger’s customer service to have their information deleted but it will take two to four days for the process to be carried out.

To help prevent future incidents, Giant Tiger told customers it has notified the privacy commissioner about the breach and is working with vendors to ensure their security measures “continue to meet the highest standards.”

Statistics Canada data shows the country saw 74,073 police-reported cybercrimes in 2022, up from 71,727 in 2021 and 33,893 in 2018. 

Cybercrime is often under-reported because of the stigma, embarrassment and repercussions that can be associated with being duped, experts have long said.

Patricia Dent

Leave a Reply

Your email address will not be published. Required fields are marked *