
April 3, 2025
By Sam Odrowski
The Town of Orangeville continues to be impacted by a cybersecurity incident that began on Feb. 27.
Orangeville’s CAO David Smith told the Citizen that while there’s no evidence of broad-based public impact, some personal information of former Orangeville Police Service staff and Town employees from 2005 to 2023 has been compromised.
But at this time, Smith said the Town can’t share how many people have been impacted, as the investigation is still ongoing.
The degree of personal identifying information that’s been affected by the cyber-attack varies by individual, according to Smith.
While the full scope of potentially impacted information is still under review, he said, “What we can share based on current evidence is that potentially impacted personal identifying information may include dates of birth, social insurance numbers (SIN), driver’s licenses, health cards, passports, birth certificates, salaries and rates of pay, and financial information.”
Smith added, “As a precaution, credit monitoring is being offered to individuals depending on the type of personal identifying information potentially affected.”
A stolen birth certificate or SIN can be used to obtain other forms of identification, such as a driver’s license or passport, to commit fraud. These identifying documents can also be used to open bank accounts, apply for credit cards and loans, file tax returns or claim government benefits.
The Town of Orangeville apologized to individuals potentially impacted by the cyber-attack in a press release issued on March 31.
“We acknowledge the seriousness of this incident, which we take very seriously. We continue to work with our cybersecurity experts to address any gaps in our systems that may be identified during their investigation and analysis,” reads the press release.
The Town of Orangeville is unable to share the cause of the cyber-attack, which started 35 days ago.
“We use robust tools and systems to monitor, detect and investigate potential threats. Unfortunately, due to the rapidly evolving nature of security incidents, it is nearly impossible to protect against or prevent all incidents,” said Smith. “We are investigating the cause and scope of the incident and to maintain the ongoing security of our environment, we will not be providing details regarding the nature of this incident at this time.”
Websites that track and monitor ransomware victims, such as Ransomware.live, have listed the Town of Orangeville as a victim of the ransomware group BLACKSUIT.
Smith didn’t confirm if the Town believes BLACKSUIT to be the perpetrator of the cyber-attack but said he is aware of the claim and the Town is investigating.
Over $500 million in ransom demands have been made by BLACKSUIT since 2022, according to CISA and the FBI. One high-profile cyber-attack by this ransomware group targeted the City of Dallas in June 2023 and cost taxpayers $8.5 million in related expenses.
As the investigation into the local cyber-attack is ongoing, at this time the Town of Orangeville isn’t able to confirm the associated costs.
Going forward, Smith said maintaining the integrity of Town systems and protecting private information is a top priority. He added that cybersecurity measures are currently in place at the Town and are updated regularly.
“Prior to this incident, Town staff and council proactively identified a desire to further enhance IT and records management systems. These commitments are reflected in both 2024 and 2025 budgets and work planning. With the support of council, work in these areas was already underway or in the planning stages when this incident occurred,” said Smith.
“Additionally, we will continue working with our cybersecurity experts to understand how the incident occurred and build on any lessons learned.”