Jannah Theme License is not validated, Go to the theme options page to validate the license, You need a single license for each domain name.
Canada

About 40,000 people were affected by SLGA cyberattacks, according to the Privacy Commissioner

This attack was caused by software vulnerabilities, undetected attacker activity, and unnecessary information retention by SLGA.

Article content

A cyberattack targeting Saskatchewan’s Liquor and Gambling Authority compromised the personal data of about 40,000 people, according to a report from the state’s Information and Privacy Commission.

advertising 2

Article content

SLGA issued a media release on December 28, 2021, informing the public that the attack took place three days ago.

Article content

However, Commissioner Ron Kruzeniski reported on November 10 that the attack actually took place in November, when an IT employee was unable to connect to a web server and the attackers sent a ransom demand on Christmas Day. Said it was detected only on days.

Kruzeniski found that SLGA took appropriate steps to contain the privacy violation once the attack was discovered.

Software vulnerabilities, undetected attacker activity, and “unnecessary retention” of personal information by SLGA are the three root causes of attacks, the report said.

The data of approximately 40,000 individuals were affected, including current and former employees, employee dependents, and regulatory clients.

advertising 3

Article content

Attackers threatened to share the data with the media and the dark web. Since March 22, 2022, SLGA has learned that personal information has been exposed to the dark web.

According to the report, a vulnerability in Crown’s content management system platform allowed the attackers to remotely infiltrate SLGA’s IT environment without authentication.

SLGA said it was unaware of the vulnerability because it had not been informed of it by its platform supplier.

However, Kruzeniski pointed out that the vendor posted a security bulletin on its website on October 8th explaining the vulnerability and how to fix it. Articles and blogs were then published further promoting that information.

Advertising 4

Article content

It took 78 days from the vendor posting the bulletin to SLGA discovering the attack.

The attacker’s intrusion into the IT environment was also not detected as unusual or malicious. In the window before SLGA knew about the attack, the attacker had access to multiple data areas.

Kruzeniski said this was exacerbated by the “unnecessary retention” of personal information by state-owned enterprises, including former employees and their dependents, as well as regulated customers whom SLGA had not been in contact with in the past five years. Stated.

“If SLGA had not retained personal information indefinitely, the number of affected individuals could have been much lower,” he said.

Kruzeniski made many recommendations for next steps for SLGA. To prevent missing information about potential vulnerabilities, SLGA should subscribe to security bulletins emailed by content management system vendors, he said.

Advertising 5

Article content

In addition, Crown Corporation must regularly evaluate its systems for detecting and blocking malicious activity and modify its policies regarding the retention of personal information to avoid doing so unnecessarily.

Kruzeniski also posted details on its website outlining how affected persons can request copies of lost information, as well as information on regular communication with employees and clients. recommended to do so.

News always seems to fly fast to us. From the latest on COVID-19, to politics and crime and everything in between, it can be hard to keep up.With that in mind, Saskatoon Star Phoenix is afternoon headlines A newsletter is delivered daily to your inbox to help you stay up to date with the most important news of the day. Click here to subscribe.

    advertising 1

comment

Postmedia is committed to maintaining an active yet respectful forum for discussion and encourages all readers to share their opinions on our articles. It may take up to an hour to moderate your comments before they appear on the site. Please keep your comments relevant and respectful. You have enabled email notifications. You will now receive an email when you receive a reply to a comment, when a comment thread you are following is updated, or when someone is following your comment. For more information and details on how to adjust your email preferences, please see our Community Guidelines.

About 40,000 people were affected by SLGA cyberattacks, according to the Privacy Commissioner

Source link About 40,000 people were affected by SLGA cyberattacks, according to the Privacy Commissioner

Related Articles

Back to top button
situs toto situs togel bo togel bo togel situs toto agen togel situs toto bo togel situs togel situs toto slot gacor toto slot