Cyberattack: What we know so far
The cause, consequences, and response to the breach being kept under wraps
As the city continues to grapple with a “cybersecurity incident,” much of what the emergency might entail has been veiled in secrecy.
City officials have been especially guarded when it comes to details and slow to release information since they discovered the problem late Sunday.
Why is the city not telling us more?
Officials say they have to withhold information to protect the interests of the municipality and public due to the complex nature of the cybersecurity breach. “I would just ask for patience and understanding in that regard,” Mayor Andrea Horwath said.
What happened?
City manager Marnie Cluckie said Hamilton had a “cyber incident” that has “disabled some of our IT systems” but wouldn’t go into detail, calling it an “ongoing and fluid situation.”
How has the cyberattack affected city services?
The breach has disabled city phone lines, affected email and knocked down websites. It has
also rendered various electronic systems, such as HSR dispatching and city payments, inoperable. The city has published a list on its website, Hamilton.ca.
How much and what kind of data might have been accessed?
That can’t be shared, Cluckie responded, saying the city “has to be sensitive about what information is shared.”
Is this a ransomware scenario, which involves software holding data hostage for payment?
Horwath said she’s not “aware of” whether ransomware factors into the cyber-emergency. In an email, staff responded the city “must be sensitive about what information is shared.”
What is the city doing to handle the situation?
Cluckie said a “dedicated team of cybersecurity experts and staff” are investigating and assures the public that the city is “doing everything in our power to protect sensitive data.”
Who are the hired experts and how much is their pay?
“We cannot provide information that relates to the ongoing investigation,” the city said via email.
How many staff have been deployed from regular duties to respond to the emergency?
The city won’t say. But the city’s emergency operations centre (EOC), which led the city’s COVID-19 pandemic response, is involved. “While the EOC is activated, we cannot provide specifics.”
Is law enforcement investigating? If so, which agency?
That’s not clear. The city would only say “police have been made aware of the incident.” The Hamilton Police Service (HPS) says the city hasn’t asked it to investigate. The RCMP said it’s not investigating and the OPP told The Spectator to contact HPS.
Has the city informed the Information and Privacy Commissioner of Ontario?
Yes, the city sent a “privacy breach report” to the IPC on Tuesday. Due to an “administrative error,” the IPC initially said the city hadn’t reported the incident.
Have city staff been locked out of files as a result?
“There is some intermittent disruption and we have moved to some manual processing, but we are hoping to be up online as soon as possible,” Cluckie said.
What about emergency services?
They “remain operational” but, likewise, some “back-end processes have become manual,” Cluckie said. Fire department officials haven’t responded to requests to explain what this entails. The paramedics union noted a “level of inconvenience and frustration” without electronic functions. HPS said it’s not affected by the cyberattack.
What about city council business?
On Wednesday, council cut short its meeting amid the technological hurdles and postponed the bulk of its agenda items to a future, yet-to-be-announced date. Committee meetings were cancelled this week.
What do councillors know?
Not much, they initially said. But they received a closeddoors update from staff on Wednesday and voted to keep what was discussed confidential.
How long will it take to deal with this?
“It’s difficult to provide a concrete timeline because it still is an ongoing investigation,” Cluckie said, “but we have all hands on deck and we’re working 24-7 to investigate, to restore and to recover.”
What about the city’s existing cybersecurity system?
Cluckie said she couldn’t comment on the “robustness of the system” during the emergency but said the city would do a “fulsome review” in its aftermath.