City confident in data safety despite cyberattack; experts skeptical

March 13, 2024
1 min read

TLDR:

  • City of Hamilton believes personal data is safe during a cyberattack, which experts say is unusual.
  • Hamilton officials claim no personal information was compromised in the ransomware attack, but cybersecurity experts find this unlikely.

In a ransomware attack against the City of Hamilton, officials have expressed confidence that personal information remains safe, despite cybersecurity experts stating that it is rare for such data to be spared in these situations. The attack, which occurred over two weeks ago, led to the shutdown of multiple city services, including the suspension of city council meetings and disruptions to services such as the library and payment processing.

Hacker and cyber expert Jayson E. Street highlighted the vulnerability of cities to cyberattacks, emphasizing that municipalities have numerous access points that hackers can exploit. While the city has not disclosed how the ransomware entered its system, the Canadian Centre for Cyber Security has noted that ransomware attacks can be extremely disruptive, affecting entire systems.

Hamilton is not alone in facing cyber threats, as other municipalities like Huntsville and the Toronto Public Library have also dealt with similar attacks. The recovery process from significant breaches in municipalities can take up to a month, with ransom demands ranging from less than $50,000 to over $1 million. Street emphasized the importance of increasing awareness among workers to prevent future attacks and limit access to personal and private data within systems.

In conclusion, while Hamilton officials remain confident in the safety of personal data, cybersecurity experts caution against such beliefs, emphasizing the need for increased security measures and employee awareness to prevent future cyber threats.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and