Skip to content

Province says employee email inboxes accessed during cyberattacks

Shannon Salter, deputy minister to the premier and head of the public service, revealed the information in an email update to employees on Monday
web1_06042024-vtc-news-cyberattack-update
The province’s investigation determined that a handful of the inboxes contained sensitive personal information on 19 individuals. THE CANADIAN PRESS/Graeme Roy

An investigation into a cyberattack on the province has discovered that 22 email inboxes of 19 employees have been accessed by the perpetrators.

Shannon Salter, deputy minister to the premier and head of the public service, revealed the information in an email update to employees on Monday, as the province continues to investigate three hacks of its system in April and May that are believed to be state or state-sponsored.

The province’s investigation has determined that a handful of the inboxes contained sensitive personal information on 19 individuals, Salter said. That includes employee personnel files, and an employee who had family information in their inbox.

Salter said no misuse of the information has been identified, and no evidence has been found that the perpetrator accessed specific files. As a precaution, the affected public service employees are being given two years of credit monitoring and identity protection services.

The owners of the email inboxes have all been notified, she said.

The province has said it hasn’t found that information related to public services has been accessed.

Minister of Public Safety and Solicitor General Mike Farnworth said Monday he could not comment on the job roles of the public service employees affected by the cyberattack, or in what ministries they may have worked.

Farnworth said the government invested about three years ago in upgrading its system, noting the Ministry of Citizens Services has 76 people “whose sole job it is to focus on ensuring the integrity and the security” of the province’s networks.

The B.C. government announced last month that its computer systems were attacked on April 10, April 29 and May 6. It said the hacks were not connected to similar cyberattacks on London Drugs retail and pharmacy stores or on the First Nations Health Authority.

Salter reminded public servants to ensure they have a strong password.

Last month, ransomware syndicate LockBit released stolen data from London Drugs on the heels of a demand for $25 million that London Drugs said it refused to pay. The files include human resources medical notations, including one about a sexual assault, and financial files.

London Drugs closed all 79 of its Western Canada stores for about a week after discovering the cyberattack by a “sophisticated group of global criminals” on April 28.

The ransomware attack against the First Nations Health Authority was discovered May 13 and employees were notified two days later.

The authority said it uncovered evidence that certain employee information and limited personal information of others was compromised. The stolen information was released on INC Ransom on the dark web.

It includes Canada Life health-insurance billing data, ­procurement contracts, First Nations Health Authority budgets, cheques, information on dental services to remote First Nations communities, as well as records and correspondence from the Northern Health Authority.

Cybersecurity analyst Brett Callow, based in Shawnigan Lake, told the Times Colonist that with thousands of cyber­attacks each year, it’s inevitable that clusters of such hacks will occur.

He said most ransomware attacks succeed because of fairly simple security failings” and when stolen data is posted on the internet, it’s fairly easy to find.

[email protected]