About 360,000 Ontarians are getting notices that their personal information was part of a data breach reported in the province’s COVID-19 vaccination booking system a year ago — with advice to contact the OPP if they lost money as a result.
For more than 95 per cent of them, “only names and/or phone numbers were impacted,” the Ministry of Public and Business Service Delivery said in a statement Friday.
But the remaining Ontarians — about 18,000 — had more personal information revealed, putting them at greater risk.
“The other five per cent was made up of email addresses, DOBs (dates of birth), clinics where the vaccine was received or planned to be received, and roughly four per cent also including their health card number,” said Colin Blachar, spokesperson for Public and Business Service Delivery Minister Kaleed Rasheed.
A copy of the notification obtained by the Star advises recipients whose privacy was breached to “be suspicious of any text messages requesting financial or private information,” echoing a warning issued last year.
“If you received a text message that displayed your name or the name of a family member which was spelt the same way that it appeared on your vaccination certificate, and you incurred a financial loss as a result of this, please email the details to CyberCrime@opp.ca,” the notifications sent Friday state.
“The public should always be suspicious of any text messages requesting financial or private information. If you suspect fraudulent activity, please report to the Canadian Anti-Fraud Centre … through its website at antifraudcentre.ca or by telephone at 1-888-495-8501.”
THE MOST POWERFUL SALE & AFFILIATE PLATFORM AVAILABLE!
There's no credit card required! No fees ever.Create Your Free Account Now!
The data breach of the COVaxON system took place on Nov. 16, 2021.
Six days later, Ontario Provincial Police charged two individuals — one who worked in the vaccination booking call centre — with unauthorized use of a computer after search warrants were executed and computers and laptops seized.
An investigation began after the government received reports of spam text messages from people who had scheduled appointments or accessed their vaccination certificates through the vaccination booking system.
At the time, the government said “no personal health information was accessed” and “Ontarians should be aware these texts are financial in nature and that the government will never conduct a financial transaction through these methods.”
The one-year delay in notifying people whose information was breached was explained this way in the notification: “In recent months, as a result of the investigation conducted by the OPP, the ministries (of service delivery and health) received a list of people impacted by this privacy breach based on evidence seized.”
The government has been working with the OPP and the provincial privacy commissioner for the last year “to determine the scale and impact of the breach,” said the statement from Rasheed’s office.
“Ontario’s COVID-19 vaccine booking system is regularly monitored and tested as part of the ministry of health’s cybersecurity protocols and we remain confident that the booking system continues to be a safe and secure tool for Ontarians to use.”
Rob Ferguson is a Toronto-based reporter covering Ontario politics for the Star. Follow him on Twitter: @robferguson1
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe