
Cyber Incident Victim: Municipality of the County of Kings

Date: Jul 2023

Location: Canada

Summary

The Municipality of the County of Kings experienced a cybersecurity incident involving the exploitation of a software vulnerability on a server. Sensitive personal information of employees, councillors, and some associated organizations was likely stolen, including names and email addresses of correspondents. No payment card information was affected. The municipality engaged cybersecurity experts to mitigate the impact and enhance security.


Description

The Municipality of the County of Kings was victimized by a cybersecurity incident that transpired on July 10th and 11th, 2023. An investigation conducted by engaged cybersecurity experts determined that the initial intrusion occurred on July 10th. This breach was accomplished through the exploitation of a specific software vulnerability that existed on one of the municipality's servers. This initial point of compromise allowed the threat actors to gain unauthorized access to the municipal network. The incident was not contained to the initial entry point and resulted in a significant data exfiltration event. The investigation concluded that sensitive personal information belonging to the Municipality of the County of Kings employees and its elected Councillors was likely stolen during this breach. This compromise of personal data represents a serious violation of the privacy and security of the individuals who serve the municipality.


The scope of the incident extended beyond the municipality's own personnel and officials. Other organizations that were receiving certain pension-related services from the Municipality of the County of Kings were also affected by this cybersecurity event. The data pertaining to these external organizations, which was under the municipality's management as part of its service provision, was also compromised in the attack. This indicates that the attackers were able to access and extract information from systems that supported these external services, broadening the impact of the incident to include partner entities. The municipality has undertaken the responsibility of reaching out directly to all those individuals whose information was likely stolen to provide them with information regarding the breach, support services, additional resources to help protect them, and clear next steps they should consider taking.

Furthermore, the investigation revealed that the stolen data was not limited to highly sensitive personal information. The names and email addresses of anyone who has corresponded with the Municipality of the County of Kings could be included in the information that was taken. This wide net potentially captures a vast number of citizens, business entities, and other stakeholders who have engaged in electronic communication with the municipality for any reason. This aspect of the data theft exposes a large segment of the public to potential phishing campaigns and targeted social engineering attacks. In response to this specific risk, the municipality has publicly asked its citizens to be extremely vigilant about any unsolicited emails or phone calls they receive that request personal information or demand payment while appearing to be on behalf of the Municipality.

The municipality has advised that any individual receiving such a request should contact the Municipality directly through verified channels to confirm the legitimacy of the communication before taking any action or providing any information. This guidance is crucial for mitigating the secondary effects of the data breach, as threat actors often use stolen contact information to launch convincing follow-up attacks. A key finding from the forensic investigation provided a small measure of relief; it was confirmed that no payment card information was affected by this incident. This indicates that systems processing financial transactions were either not accessed or did not contain such data at the time of the breach, preventing a direct financial compromise of individuals' credit or debit cards through this event.

Upon discovery of the incident, the Municipality of the County of Kings promptly engaged external cybersecurity experts. Their immediate objective was to minimize the ongoing impact of the cybersecurity incident by containing the breach and preventing further unauthorized access or data loss. These experts worked to secure the compromised systems and assess the full extent of the damage. Following the initial response, their role expanded to include enhancing the overall security posture of the municipality's digital infrastructure to prevent a similar incident from occurring in the future. This involved addressing vulnerabilities, strengthening defenses, and implementing additional security measures.

These cybersecurity professionals also guided the Municipality through the complex and careful process of returning to full operational capacity in a safe and secure manner. This recovery process had to be managed cautiously to ensure that systems were thoroughly cleansed of any malicious presence and that all security patches were applied before services were fully restored. The municipality has expressed its continued commitment to offering safe and secure electronic services to its citizens and partners, underscoring that this incident has reinforced the importance of robust cybersecurity measures. The event has highlighted the persistent threats faced by public sector entities and the critical need for constant vigilance, advanced security protocols, and prompt incident response capabilities.

For individuals concerned about the potential for identity theft or fraud as a result of this data compromise, the municipality has disseminated advice based on standard post-breach recommendations. While the municipality itself is not providing specific identity protection services directly in its communication, it has advised affected parties to consider signing up for credit monitoring and identity theft protection services offered by various third-party providers. These services can help individuals by alerting them to changes in their credit profile or attempts to open new accounts in their name, providing an early warning system against financial fraud.

The municipality further advises all potentially impacted individuals to monitor their financial statements for both credit cards and bank accounts with increased regularity and scrutiny. This proactive monitoring allows for the early detection of any unauthorized or suspicious activity. Should any such activity be identified, the guidance is to promptly report it to the associated financial institution, such as one's bank or credit card company, so that they can take immediate steps to secure the accounts and investigate the transactions. In more serious cases where individuals have evidence that their information has been misused in a fraudulent manner or that they have become victims of identity theft, the municipality advises them to contact the Royal Canadian Mounted Police (RCMP) to report the crime. This official reporting is essential for law enforcement to track and investigate these offenses. The director of finance and information technology, Greg Barr, has been designated as the primary contact for the municipality regarding this incident, providing a point of contact for further inquiries.
