BANFF – A team of cybersecurity experts is investigating a cybersecurity attack on the Town of Banff.
Town of Banff officials say no one has claimed responsibility for the March 19 computer hacking incident, but would not say if anyone had threatened to sell or release data that was accessed as part of any ransom demand.
“At this stage, we would not be providing details about any contact, during the ongoing cybersecurity investigation,” said Jason Darrah, the director of communications for the Town of Banff.
Banff town council was briefed on the March 19 cybersecurity incident affecting the municipality’s computer systems during a closed-door meeting on Monday (March 28). The cybersecurity experts were in attendance as part of the in-camera briefing.
The team of independent cybersecurity experts with KPMG was hired to assist the municipality in dealing with the matter and the RCMP have been notified.
“We believe that some of our files were accessed, some of the data were accessed; it was very concerning that that could include personal information,” said Darrah.
“We don’t have any evidence of any misuse of any individual’s personal information and the investigation is still ongoing.”
Upon learning of the incident on March 19, the Town of Banff took immediate steps to secure its systems and mitigate the impact to data and operations.
The cybersecurity experts are also helping the municipality’s information technology specialists strengthen security of the municipality’s systems.
The Town of Banff also notified Alberta’s Privacy Commissioner of the incident.
“It’s not required, but out of best practice and of transparency, we alerted them even though we don’t know of any misuse of personal information,” said Darrah.
Darrah said protection of residents and their personal information is a priority for the Town of Banff.
“This is very concerning to learn that it happened and we take it so seriously,” he said.
“Any time that there’s a risk for someone accessing personal information, this is a critical incident that we’re applying a lot of energy to, to make sure our systems are secure.”
Darrah said the Town initially detected “something was affecting our computer systems” on March 19.
“When you have an initial impact, it can either be a corruption or someone from outside trying to get in… there was definitely a cybersecurity attempt to access our information,” he said.
“Our systems immediately took steps to mitigate the impact, which is what they do, and it locks things out.”
Darrah said the Town of Banff retained access to its data and information systems at all times during the incident.
“We never lost access, which is important. It shows the success of our automatic security systems,” he said.
The Town of Banff’s critical systems were completely unaffected, such as those in place for emergency response like the Banff Fire Department. Infrastructure such as water and sewage were also secured and operating as normal.
“They remained fully operational,” said Darrah.
The cybersecurity incident did interrupt the Town of Banff’s staggered return to in-person work at municipal facilities such as Town Hall and the operations’ building. This was underway after the province of Alberta lifted the mandatory COVID-19 work-from-home order on March 1.
In addition, some of the Town’s non-essential systems were affected such as webcams, for example. The system for renewing parking permits was also temporarily shut down.
“They were taken offline as part of our security. We did temporarily disable some systems just to ensure there was no access to the outside world,” said Darrah.
“We will try and get these things up and running as soon as possible.”
The cybersecurity team has continued to work to make sure the computer systems are secure and to assess exactly what happened.
“The cybersecurity team goes through every single thing that’s on our servers within our Town to detect what was viewed or what was accessed,” said Darrah.
Municipalities can be favoured targets of cybersecurity incidents because their cyber defences aren’t as sophisticated as larger levels of government. Attackers believe cities and towns may be more willing to pay ransoms than other organizations because of the amount of personal information they hold.
In May last year, the Resort Municipality of Whistler in British Columbia had a cybersecurity event.
As a result, non-essential town services were suspended because email, phone, network services and the website were taken offline. In-person service at Whistler’s municipal hall was also temporarily suspended.
Also last year, Ontario’s Regional Municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario including the City of Oshawa, reported it was a victim of a cybersecurity incident
In 2018, two small Ontario towns, Wasaga Beach and Midland, paid ransom demands to reclaim data after anonymous computer hackers held their computer systems hostage for more than two days. Wasaga Beach paid $35,000, while Midland did not disclose how much was paid.
In 2016, the University of Calgary paid a demanded $20,000 after a cyberattack on its computer systems. In 2018, the U.S Federal Bureau of Investigation charged two men in Iran as part of an investigation into cyberattacks that targeted the University of Calgary and computer networks in the United States.