Cyber Incident Victim: Corporation of the City of Stratford
Date:
Apr 2019
Location:
Canada
Summary
The City of Stratford experienced a cyberattack disrupting municipal email services, online forms, and phone systems, with calls failing to connect properly and requiring manual handling by staff. Officials confirmed no personal data was compromised during the incident, though the full scope of the attack remained unclear. A cybersecurity expert suggested the simultaneous outages might indicate proactive system shutdowns to contain the threat, noting municipalities' attractiveness as targets due to sensitive data like confidential communications or high-value land contracts. Possible motives ranged from targeted data theft to opportunistic ransomware, though no specific malware or attacker was identified during initial assessments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 14, 2019, the City of Stratford publicly announced via its website and social media channels that it was actively managing an apparent cyberattack impacting multiple municipal systems. The attack disrupted the city’s email services and online forms, prompting the immediate deployment of response resources and activation of predefined risk management protocols. By the morning of April 15, city officials confirmed through investigation that no personal information stored on municipal systems had been compromised, though further updates were anticipated later that day. Concurrently, the city’s phone system experienced significant malfunctions, with calls routing directly to inaccessible voicemail boxes. This forced switchboard operators to manually record call details and physically deliver messages to relevant departments. While the phone outage coincided with the cyber incident, municipal representatives did not definitively attribute it to the attack at the time of reporting.
The incident’s scope involved multiple interdependent systems failing simultaneously, though the city did not disclose specific technical details about the attack vector or perpetrator. Cybersecurity expert Alexandar Essex contextualized the event by noting that municipalities’ extensive data repositories—including confidential communications between officials and sensitive land contracts—make them attractive targets. He suggested the simultaneous subsystem failures might indicate proactive isolation measures rather than a coordinated "uber-cyberattack." Essex cited diverse potential motives, ranging from targeted data exfiltration to opportunistic ransomware infections or automated cryptocurrency mining operations. The City of Cambridge’s 2018 cryptojacking incident, which affected over 200 Canadian websites, was referenced as a comparable municipal cyber threat. Stratford’s containment efforts prioritized system integrity assessments and public assurance regarding data security, with no evidence of operational ransom demands or data leaks disclosed in initial findings.