Date: Jan 2018

Location: Canada

Summary

Separate ransomware attacks targeted two Ontario children's aid societies, encrypting local servers containing sensitive child and family data. One agency paid a $5,000 ransom to restore access, while the other refused a $60,000 demand and recovered systems using offline backups within eight hours. Both incidents occurred during data migration to a new provincial database, prompting enhanced security protocols for future transfers. The attacks caused operational disruptions, with one organization incurring $100,000 in recovery costs covered by cyber insurance. Provincial cybersecurity experts and private firms assisted in neutralizing the malware and ensuring the central database remained uncompromised. No data theft occurred, though affected systems required temporary isolation during remediation efforts.

Description

On January 18, 2018, the Children’s Aid Society of Oxford County experienced a ransomware attack that encrypted data on its local servers, rendering sensitive information about children and families inaccessible. The agency paid a $5,000 ransom to regain access to its systems, though executive director Bruce Burbank confirmed no data was stolen and systems were restored within a day. Separately, Family and Children’s Services of Lanark, Leeds and Grenville faced a similar attack in November (year unspecified), when a $60,000 ransom demand in English appeared on their screens during an attempted database access. The Lanark agency did not pay the ransom, instead restoring operations within eight hours using offline backups. Both incidents occurred while the agencies were transitioning data to CPIN, a new $123-million provincial child welfare database. Cybersecurity teams from Ontario’s Ministry of Children and Youth Services and a private firm assisted Lanark in neutralizing the malware, a process requiring three weeks to identify and eliminate the threat.

The attacks disrupted local file access but did not compromise the CPIN system, which remained secure throughout. The Oxford agency was temporarily quarantined from CPIN for two weeks as a precaution while ministry experts verified the provincial database’s integrity. The Lanark incident incurred $100,000 in recovery costs, covered by cyber insurance, while Oxford’s direct ransom payment totaled $5,000. In response, the ministry enhanced security protocols for data transfers between local agencies and CPIN, citing the attacks as a catalyst for reinforcing cybersecurity practices province-wide. Officials emphasized that ransomware exploited vulnerabilities during the system transition, though no evidence indicated targeted attacks. The incidents underscored broader trends in ransomware threats, with cybersecurity experts noting increased frequency and ransom demands in Ontario during that period.
