The city of Toronto suffered a potential data breach related to a third-party file transfer software vendor – an incident that occurred way back in January.
On January 22, 2021, the city was notified of the breach suffered by an unnamed software vendor, from which Toronto was using file transfer software. In an official release, Toronto said that it took immediate action and shut down access to the software. The city’s chief information officer then quickly launched an investigation to determine the type of data that was potentially compromised.
But more details about the attack have now surfaced; in a statement to IT World Canada, a Toronto spokesperson confirmed that the incident involved software developer Accellion and its FTA (File Transfer Application) platform.
When asked why the city only revealed news of the attack now and not back in January, the spokesperson said that the office of the chief information security officer had been busy investigating the incident since, and only issued a report on April 20.
“It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required,” the city representative added.
The exact number of people whose personal information may have been compromised by the breach is still being investigated, the spokesperson commented.
“The city has not received any ransom demand and we are also not aware that any individual has received a ransom demand as a result of this breach.”
IT World Canada reported that, in February, agencies from five countries issued a global alert to organizations using Accellion FTA after several other groups reported being hacked through vulnerabilities in the software.
Toronto has reported the breach to the Information & Privacy Commissioner of Ontario and will reach out to any individuals whose information may have been breached.