Cyber Incident Victim: Town of Banff
Date:
Mar 2022
Location:
Canada
Summary
The Town of Banff experienced a cybersecurity incident involving unauthorized access to its computer systems, prompting an investigation by independent experts and notification to the RCMP and Alberta’s Privacy Commissioner. While critical infrastructure and emergency services remained unaffected, some personal data and files were potentially compromised, though no misuse has been confirmed. Non-essential systems, including parking permit renewals and webcams, were temporarily taken offline as a precaution, disrupting certain municipal operations and delaying the return to in-person work. The municipality retained access to its systems throughout the incident, with automated security measures mitigating further impact, and cybersecurity efforts focused on strengthening defenses and assessing the breach’s scope.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 19, 2022, the Town of Banff detected unauthorized activity affecting its computer systems, prompting an immediate response to secure its networks and mitigate operational impacts. Initial indications suggested an external cybersecurity attempt to access municipal data, triggering automated security protocols that locked out potential intruders without causing a complete loss of system access. The municipality engaged KPMG’s independent cybersecurity experts to investigate the breach and assist internal IT teams in strengthening system defenses. While critical infrastructure—including emergency services, water, sewage systems, and the Banff Fire Department’s operations—remained fully functional, non-essential services such as parking permit renewals and public webcams were deliberately taken offline as a precautionary measure. This temporary shutdown disrupted the Town’s phased return to in-person work at facilities like Town Hall, which had resumed following Alberta’s March 1 lifting of COVID-19 work-from-home mandates. Officials confirmed that some files containing personal information were likely accessed but emphasized no evidence of data misuse had been identified during the ongoing investigation. The Town proactively notified the RCMP and Alberta’s Privacy Commissioner despite no legal obligation to do so, citing transparency and best practices.
The cybersecurity team conducted a granular review of servers to determine the scope of accessed or viewed data while maintaining municipal operations throughout the incident. Town representatives clarified that no ransom demands or claims of responsibility had been received as of March 28, when Banff’s council received a confidential briefing on the attack during an in-camera meeting attended by KPMG investigators. Automatic security measures were credited with preserving uninterrupted access to core systems and limiting the attack’s reach, though the incident underscored vulnerabilities commonly exploited in municipalities due to perceived weaker cyber defenses compared to larger governments. Historical precedents cited in the investigation included ransomware incidents affecting Canadian municipalities like Whistler, Durham Region, Wasaga Beach, and Midland, where threat actors targeted personal data to pressure ransom payments. The Town prioritized restoring disabled non-essential services while reinforcing system security, with no specified timeline for full recovery provided during the initial response phase.