Slow response to Oak Bay residents overshadows data breach

Personal information deemed safe despite unauthorized web access

Oak Bay staff are digging deeper into an online security breach this week.

The district immediately shut down one of its online services to protect residents’ personal information after learning of the potential breach July 22, but did not notify residents until late last week.

“We don’t have a full explanation at this point,” said Mayor Nils Jensen.

Residents who use MyDistrict, an online service for tax, utility, bylaw notices, dog and business licence information via oakbay.ca, are now being warned to change their password.

“We weren’t specifically targeted, it seems to be somewhat widespread … there’s no evidence of fraudulent activity on anyone’s bank account,” Jensen added.

The security breach was with a separately hosted and managed site at online.oakbay.ca. “It’s a subdomain of the Oak Bay site,” said Peter Knapp, CEO of Upanup Studios, which designed and hosts oakbay.ca. “It’s a separate service from the Oak Bay site which exists on a separate server.”

Several other municipalities, including the City of Victoria, experienced unauthorized access to their MyDistrict municipal services portal, which was caused by faulty software, on the same date.

The data that was potentially at risk includes personal information of residents who use pre-authorized payment plans for their tax and utility bills. The online service does not collect highly sensitive information such as credit or debit card information, social insurance numbers or drivers’ licence information.

In a letter to affected residents, Oak Bay deputy treasurer and IT manager Fernando Pimental said: “As attacks on high-profile sites are common, we both monitor and improve our site continuously to ensure security at oakbay.ca. We want to err on the side of caution by providing you with the information we have.”

Notice of the security breach was sent to more than 1,000 residents by mail and email. “By Friday all the customers we had email addresses for had received an email from us telling them there might be an issue,” Jensen said.

As a precaution, the district recommends that any residents who have signed up for preauthorized payments monitor their bank accounts and contact their financial institution if they have further concerns. Residents who use MyDistrict are advised to log in and change their password and security question.

Knapp said these types of security breaches are not uncommon. “I don’t want to downplay it, but when you use the term hack it sounds like a person hacked into the site, but in reality, this is more likely a virus.”

By Tuesday morning, the district had received about 20 calls from concerned residents.

“Fernando has been meeting with the bank managers. We’ve provided them with information in regards to what happened,” said district interim CAO Gary Nason. “We continue to have no evidence of any personal information being accessed.”

The affected server was turned off and a new server was brought online on July 23.

Jensen asked Nason to look into the reasons why it took so long for residents to be notified of the security breach. “It was too long, but we can’t say why, at this point, without a full investigation,” Jensen said.

“The mayor asked me to take look at the practices and protocols – and what the other municipalities did – specifically on the issue of why there was a delay in getting the advisory out,” Nason said. “We hope to have the independent security audit findings by the end of next week, if not earlier.”

Jensen said he wants to know, “not only what happened, but how we can avoid it in the future.”

Residents are asked to contact Pimental by email at fpimental@oakbay.ca or by phone at 250-598-3311 during regular business hours if they have any questions or concerns.

 

How do I change my password and security question?

1. Go to oakbay.ca and scroll down to Online Services.

2. Click on the word “MyDistrict Online.”

3. Log on to the service.

4. Select the Profile menu on the left side.

5. Change your security question and then select Update Your Profile.

6. After updating your question, select Change Password and change your password.

 

Just Posted

500 pounds of turkey served at Cool Aid community Christmas dinner

Annual dinner serves hundreds of community members

VIDEO: Annual Tuba Christmas concert draws large crowd to Market Square

Over 100 tuba and euphonium players gathered to play festive tunes

Revisit Christmas past as Point Ellice House displays Victorian-era traditions

Antique bobbles, cards, decor and more are on display

Bold and brassy quintet touches down at UVic

Internationally recognized Canadian Brass performing with Victoria Symphony on Dec. 21

Saanich church kicks off holidays with peaceful Winter Solstice service

St. Luke’s song-filled Christmas services come later

VIDEO: Success of wildlife corridors in Banff National Park has advocates wanting more

Demand for more highway protection escalated after seven elk were killed by a semi-trailer near Canmore

Fans sing Canadian anthem after sound system breaks at BMW IBSF World Cup

The Canadians in attendance made sure their team and flag were honoured on the podium

VIDEO: Fire destroys Big White Ski Resort chalet

Social media eulogies peg the property, nicknamed “The Pharamacy,” as both loved and hated

Prince George RCMP use bait packages to catch porch pirates over the holidays

First-in-Canada program with Amazon looks to combat parcel theft

Nanaimo mechanical engineer creates thief tracking program

Nanaimo Thief Tracking lets users plot and share information about thefts online

Mayor wants B.C. to institutionalize severely mental ill people who are homeless

Those suffering from mental health conditions, such as schizophrenia, need specialized care, mayor says

Five things of note from Trudeau’s mandate letters to his ministers

Some marching orders come from the Liberal Party’s campaign, while others are new additions

Scheer’s resignation tips party into internal war over school tuition payments

The Conservatives have a Toronto convention already scheduled for April

Navigating ‘fever phobia’: B.C. doctor gives tips on when a sick kid should get to the ER

Any temperature above 38 C is considered a fever, but not all cases warrant a trip to the hospital

Most Read