Slow response to Oak Bay residents overshadows data breach

Personal information deemed safe despite unauthorized web access

Oak Bay staff are digging deeper into an online security breach this week.

The district immediately shut down one of its online services to protect residents’ personal information after learning of the potential breach July 22, but did not notify residents until late last week.

“We don’t have a full explanation at this point,” said Mayor Nils Jensen.

Residents who use MyDistrict, an online service for tax, utility, bylaw notices, dog and business licence information via oakbay.ca, are now being warned to change their password.

“We weren’t specifically targeted, it seems to be somewhat widespread … there’s no evidence of fraudulent activity on anyone’s bank account,” Jensen added.

The security breach was with a separately hosted and managed site at online.oakbay.ca. “It’s a subdomain of the Oak Bay site,” said Peter Knapp, CEO of Upanup Studios, which designed and hosts oakbay.ca. “It’s a separate service from the Oak Bay site which exists on a separate server.”

Several other municipalities, including the City of Victoria, experienced unauthorized access to their MyDistrict municipal services portal, which was caused by faulty software, on the same date.

The data that was potentially at risk includes personal information of residents who use pre-authorized payment plans for their tax and utility bills. The online service does not collect highly sensitive information such as credit or debit card information, social insurance numbers or drivers’ licence information.

In a letter to affected residents, Oak Bay deputy treasurer and IT manager Fernando Pimental said: “As attacks on high-profile sites are common, we both monitor and improve our site continuously to ensure security at oakbay.ca. We want to err on the side of caution by providing you with the information we have.”

Notice of the security breach was sent to more than 1,000 residents by mail and email. “By Friday all the customers we had email addresses for had received an email from us telling them there might be an issue,” Jensen said.

As a precaution, the district recommends that any residents who have signed up for preauthorized payments monitor their bank accounts and contact their financial institution if they have further concerns. Residents who use MyDistrict are advised to log in and change their password and security question.

Knapp said these types of security breaches are not uncommon. “I don’t want to downplay it, but when you use the term hack it sounds like a person hacked into the site, but in reality, this is more likely a virus.”

By Tuesday morning, the district had received about 20 calls from concerned residents.

“Fernando has been meeting with the bank managers. We’ve provided them with information in regards to what happened,” said district interim CAO Gary Nason. “We continue to have no evidence of any personal information being accessed.”

The affected server was turned off and a new server was brought online on July 23.

Jensen asked Nason to look into the reasons why it took so long for residents to be notified of the security breach. “It was too long, but we can’t say why, at this point, without a full investigation,” Jensen said.

“The mayor asked me to take look at the practices and protocols – and what the other municipalities did – specifically on the issue of why there was a delay in getting the advisory out,” Nason said. “We hope to have the independent security audit findings by the end of next week, if not earlier.”

Jensen said he wants to know, “not only what happened, but how we can avoid it in the future.”

Residents are asked to contact Pimental by email at fpimental@oakbay.ca or by phone at 250-598-3311 during regular business hours if they have any questions or concerns.

 

How do I change my password and security question?

1. Go to oakbay.ca and scroll down to Online Services.

2. Click on the word “MyDistrict Online.”

3. Log on to the service.

4. Select the Profile menu on the left side.

5. Change your security question and then select Update Your Profile.

6. After updating your question, select Change Password and change your password.

 

Just Posted

Greater Victoria records drop in building permit values

Values are up for British Columbia and Canada thanks to Vancouver

Victoria Shamrocks win proves costly

Shamrocks lose Rhys Duch to a season-ending injury

Suspect steals jewelry and ice cream bars in Oak Bay break and enter

Oak Bay resident loses $2,000 in gift cards to Visa Scam

Campbell River teen on the mend a year later

Jonah Shankar’s treatment for brain tumour involved trips to UK

Rules grounding high flight crews for 28 days likely to be challenged

Lawyer says policy could compromise charter rights and personal liberties

WATCH: Barbers battle it out in Victoria

‘Barber Battle’ saw stylists and barbers from across North America go head-to-head

Homalco tour gives glimpse into area’s ‘People, Land, Water’

First Nation business mixes cultural components with wildlife excursions

Feds announce $50M strategy to fight dementia

Emphasis is on prevention and and supporting caregivers

Federal Liberals’ plan to help first-time homebuyers to kick in weeks before election

Ottawa to pick up 5% of a mortgage on existing homes for households that earn under $120,000 a year

B.C. VIEWS: When farmland protection doesn’t protect farmers

Secondary residences aren’t mansions, families tell Lana Popham

Bombers down B.C. Lions 33-23 in season opener

Former Lion Andrew Harris leads Winnipeg with 148 rushing yards

Northern B.C. family remembers murdered Indigenous woman with memorial walk

Still no closure for Ramona Wilson’s family 25 years later

Monkey spotted on late-night jaunt in Campbell River

Conservation officers also apparently looking for cougar in the area

B.C. university to offer mentorship program for former youth in care

Students using the provincial tuition waiver program will soon be able to form a community at KPU

Most Read