[BreachExchange] Security breach of OC Transpo My Alerts may have compromised accounts

[Destry Winant]

https://www.cbc.ca/news/canada/ottawa/oc-transpo-my-alerts-subscriber-emails-passwords-compromised

People who use the OC Transpo My Alerts system may have had their
emails and passwords compromised, says the City of Ottawa.

The My Alerts system is used to notify customers about changes to
transit service by email or text, a news release from the city said
Friday.

People's financial and credit card information are not affected, and
there's no impact to the city's payment system nor Presto, according
to the city.

Subscribers to the My Alerts system who use the same password for
other accounts are advised to change their passwords.

"Other private accounts that use the same password could be at risk.
The Canadian Centre for Cyber Security advises against using the same
password for multiple accounts," reads the release.

The affected system is currently shut down, but people who are already
subscribed will continue to get notifications.

Cyber security expert hired

"The safety and security of all customers is our top priority. The
City is investigating to determine how and when this information was
accessed," reads the news release.

The city says it has asked a third-party expert in cyber security to
look at the system and make sure "the vulnerability that caused this
issue is resolved."

The city says it apologizes to My Alerts subscribers for the incident.