[BreachExchange] Ontario government employee charged in COVID-19 vaccination data breach

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Nov 23 14:30:19 EST 2021


https://www.msn.com/en-ca/news/canada/ontario-government-employee-charged-in-covid-19-vaccination-data-breach/ar-AAR2YeX

Suspects from the Ottawa and Montreal areas, one of whom works as a public
servant, were arrested Tuesday in connection with an OPP investigation into
a security breach of Ontario’s COVID-19 immunization system.

The province’s cybercrime team said it started an investigation into a
possible data breach on Nov. 17 when the Ontario government flagged reports
from the public about spam text messages received after residents booked
COVID-19 vaccine appointments or downloaded their vaccination certificates.

On Monday, OPP executed search warrants in Ottawa as well as in Quebec with
help from the Sûreté du Québec.

Police said they seized several computers and electronic devices.

Ayoub Sayid, a 21-year-old from Gloucester, Ont., is facing charges of
unauthorized use of a computer. OPP said in a statement that the suspect is
a government employee who worked in the province’s vaccine contact centre.

Rahim Abdu, 22, of Vaudreuil-Dorion, Que., faces the same charges.

Both accused have been released with future court dates.

Ontario Solicitor-General Sylvia Jones told reporters on Monday that the
public can feel secure in using the online vaccination portal amid reports
of the data breach.

“When we hear of potential breaches, we investigate thoroughly,” she said
at a press conference Monday.

“We have confidence in the booking system, that there are no concerns.”

An OPP spokesperson said the cybersecurity unit is still investigating to
determine how many people were contacted through the breach. He said the
scam appears to have been an attempt to solicit more private or financial
information from the targets.

"At this point we continue to investigate the nature of the messages," the
spokesperson said.

"Typically, text or SMSishing refers to the fraudulent practice of sending
text messages purporting to be from a reputable source in order to induce
individuals to reveal personal information, such as passwords or credit
card information."

The OPP advised members of the public to be suspicious of any messages
asking for such information and to report any possible scams to the
Canadian Anti-Fraud Centre.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211123/105e1903/attachment.html>


More information about the BreachExchange mailing list