Cyber Incident Victim: Resort Municipality of Whistler

The Resort Municipality of Whistler (RMOW) discovered a security breach affecting its municipal website, whistler.ca, on December 28, 2018. Initial analysis indicated the breach involved attempts to redirect web traffic to external, likely illicit websites. Municipal staff responded immediately by identifying, containing, and resolving the issue. The RMOW publicly disclosed the incident on January 4, 2019, confirming the website had been restored to normal operations. Routine security measures prior to the breach included regular malware scans and the application of the latest security patches to the website’s content management system and server. However, the attackers exploited an obscure vulnerability that existing monitoring and patching protocols had not anticipated.

On January 3, 2019, staff identified an additional risk: personal information submitted through web forms on whistler.ca might have been exposed during the breach. Although the attackers’ primary objective appeared to be traffic redirection rather than data theft, the RMOW removed all web forms and associated personal data from the site as a precaution. The entire website was reverted to an earlier, uncompromised version. No credit card details, social security numbers, or data from third-party services like parking ticket payments or homeowner grants were affected. The RMOW initiated direct outreach via phone and email to individuals whose personal information was potentially exposed, advising them to contact Legislative Services for further assistance. Enhanced security measures included multiple daily malware scans and plans for a comprehensive security audit. Whistler Mayor Jack Crompton emphasized the organization’s commitment to privacy, calling the response a reflection of this priority.