Whistler.ca website breached after hackers exploit ‘obscure vulnerability’

The Resort Municipality of Whistler (RMOW) said its website suffered a security breach that may have compromised some people’s personal information.

In a bulletin posted on Friday, the municipality said it found that the Whistler.ca website had been breached on Dec. 28, and that staff took “immediate action” to “identify, contain and resolve the issue.”

The RMOW said Thursday that staff realized web forms built into the website to collect personal information may also have been vulnerable.

Those forms and any associated personal information were taken offline, and the entire site was reverted to an older, uncompromised version, the RMOW said.

The intent of the attack, according to the RMOW, appears to have been to re-direct visitors on Whistler.ca to other, possibly illicit websites.

The site is now being scanned for malware numerous times each day; the municipality will also conduct a security audit.

While the municipality does not believe that stealing personal information was the hackers’ main intent, it admitted that some such information was available, and said it is now reaching out via phone and email to people whose data could have been compromised.

No credit card information or social security numbers compromised, it said, and third-party sites like those relating to homeowner grants or parking ticket payments weren’t affected.

Global News has requested comment from the Whistler RCMP on the breach.

According to the RMOW, the Whistler.ca website was regularly scanned for security and its security patches were up to date.

The breach was related to “an obscure vulnerability that could not have been applied as a part of the regular updates, patches or monitoring efforts,” it added.

Anyone concerned that their personal information may have been exposed can contact Whistler Legislative Services at (604) 935-8118 or corporate@whistler.ca.