January 5, 2019 1:45 am
Updated: January 5, 2019 1:46 am

Whistler.ca website breached after hackers exploit ‘obscure vulnerability’

The Resort Municipality of Whistler says some personal information may have been compromised when its website was breached at the end of last month.

Whistler.ca
A A

The Resort Municipality of Whistler (RMOW) said its website suffered a security breach that may have compromised some people’s personal information.

In a bulletin posted on Friday, the municipality said it found that the Whistler.ca website had been breached on Dec. 28, and that staff took “immediate action” to “identify, contain and resolve the issue.”

The RMOW said Thursday that staff realized web forms built into the website to collect personal information may also have been vulnerable.

READ MORE: Whistler Blackcomb resort unveils long-awaited gondola after weeks of delays

Those forms and any associated personal information were taken offline, and the entire site was reverted to an older, uncompromised version, the RMOW said.

The intent of the attack, according to the RMOW, appears to have been to re-direct visitors on Whistler.ca to other, possibly illicit websites.

Story continues below

The site is now being scanned for malware numerous times each day; the municipality will also conduct a security audit.

While the municipality does not believe that stealing personal information was the hackers’ main intent, it admitted that some such information was available, and said it is now reaching out via phone and email to people whose data could have been compromised.

No credit card information or social security numbers compromised, it said, and third-party sites like those relating to homeowner grants or parking ticket payments weren’t affected.

READ MORE: Oil and gas industry drops out of Whistler investor conference over mayor’s climate change letter

Global News has requested comment from the Whistler RCMP on the breach.

According to the RMOW, the Whistler.ca website was regularly scanned for security and its security patches were up to date.

The breach was related to “an obscure vulnerability that could not have been applied as a part of the regular updates, patches or monitoring efforts,” it added.

Anyone concerned that their personal information may have been exposed can contact Whistler Legislative Services at (604) 935-8118 or corporate@whistler.ca.

© 2019 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Comments closed.

Due to the sensitive and/or legal subject matter of some of the content on globalnews.ca, we reserve the ability to disable comments from time to time.

Please see our Commenting Policy for more.