Toronto feared 35,000 citizens’ data would be made public after cyberattack: documents

The City of Toronto expected metadata concerning some 35,000 citizens to be posted on an online forum run by Eastern European cybercriminals after a data breach earlier this year — but ended up escaping the worst, new documents obtained by CTV News Toronto show.

Some six months after an internal city agency sounded the alarm in confidential documents, the information has yet to be shared publicly and the city says it never received a ransom request, leading some cybersecurity experts to wonder if the city escaped what has been described as a massive spree of cyberattacks. 

“It looks like they failed. The silence is somewhat deafening,” said cybersecurity expert Claudiu Popa. “Maybe the attacker failed to get what they wanted and didn’t have the leverage to extort this particular victim.”

The attack on Toronto was one among thousands of remote, sometimes automated attacks seeking to get data, and then threaten to expose it or destroy it unless handsome sums are paid, often in digital currency.

Ontario’s Information and Privacy Commissioner says cybercriminals are increasingly targeting public agencies, warning breaches are up 151 per cent in 2021 — with 39 public institutions attacked this year in Ontario.

“Hackers are taking advantage of the current public health crisis, and cybersecurity incidents are on the rise,” a spokesperson for the agency said.

The City of Toronto threat assessment, obtained through a Freedom of Information request, describes the attack in January of 2021 as happening through a “zero day” weakness in the city’s Accellion file transfer system.

Hackers known as “CLOP” discovered the weakness in the file transfer system at that time and used it to exploit a large number of organizations, including the Region of Durham.

CTV News Toronto has already shown that those attackers gained and then posted health and schooling data of tens of thousands of individuals, as well as a video of the arrest of a young man by Toronto police on a Durham Region transit bus.

The document appears to link the Toronto attack for the first time publicly to CLOP, which is believed to be a network operating out of…