Ontario government employee among two charged in COVID-19 vaccine portal security breach
TORONTO —
A government employee is among two people charged following an investigation into a security breach related to Ontario’s COVID-19 immunization system.
Ontario Provincial Police (OPP) say they were first asked to investigate the breach on Nov. 17 after the government received reports of spam text messages received by individuals who scheduled appointments or accessed vaccine certificates through the COVID-19 immunization system.
The security breach was confirmed publicly on Monday, with the Solicitor General’s office telling CTV News Toronto that the reported texts were “financial in nature.”
CTV News Toronto spoke with two residents who received phishing text messages they believe could have been related to the breach. Both messages were addressed to their children using their full names.
“What really triggered it for me was the spelling of her name. It was her name, her full name with middle name, and her middle name was fully capitalized and the only time I’ve ever seen that was on her vaccine passport,” Toronto resident Carla Embleton said.
Ottawa resident Mike Primeau said he received a similar text to his cell phone saying that his son had been sent “a reimbursement of $163.36” and was asked to reply to receive the payment.
Primeau was the one who registered his entire family—including his son—for the COVID-19 vaccine.
Multiple other people reported receiving text messages with either their full names or the full names of their children; however the requests differed slightly.
In a news release issued Tuesday, investigators said that two search warrants—one in Quebec and another in Ottawa—were executed on Nov. 22 in connection with the security breach. Several devices, computers and laptops were seized.
As a result of the investigation, 21-year-old Gloucester resident Ayoub Sayid and 22-year-old Rahim Abdu from Vaudreuil-Dorio were taken into custody.
They were both charged with Unauthorized Use of a Computer contrary to s. 342.1(1)(c) of the Criminal Code.
Police say that Sayid is an employee of the Ontario Ministry of Government and Consumer Services in the vaccine contact centre.
The charges have not been proven…