Ontario government worker charged in COVID-19 vaccination data breach

Click to play video: 'OPP make two arrests in ‘immunization system breach’'
OPP make two arrests in ‘immunization system breach’
WATCH ABOVE: Two men were arrested, charged, and later released after police executed search warrants to investigate a data security breach in Ontario’s vaccination booking system. One of the men charged was a provincial government employee. As Sean O’Shea reports, cyber security experts say information in the system has high value for criminals – Nov 23, 2021

Suspects from the Ottawa and Montreal areas, one of whom worked at a government vaccination call centre, were arrested Tuesday in connection with an OPP investigation into a security breach of Ontario’s COVID-19 immunization system.

The province’s cybercrime team said it started an investigation into a possible data breach on Nov. 17 when the Ontario government flagged reports from the public about spam text messages received after residents booked COVID-19 vaccine appointments or downloaded their vaccination certificates.

On Monday, OPP executed search warrants in Ottawa as well as in Quebec with help from the Sûreté du Québec.

Police said they seized several computers and electronic devices.

Click to play video: 'Ministry confirms possible data breach at Pickering Long-term care home'
Ministry confirms possible data breach at Pickering Long-term care home

Ayoub Sayid, a 21-year-old from Gloucester, Ont., is facing charges of unauthorized use of a computer. OPP said in a statement that the suspect is a government employee who worked in the province’s vaccine contact centre.

Story continues below advertisement

Rahim Abdu, 22, of Vaudreuil-Dorion, Que., faces the same charges.

Both accused have been released with future court dates.

A spokesperson for Ontario Solicitor-General Sylvia Jones said Tuesday that Sayid was working in the call centre through a third-party vendor, “but is no longer employed by the government.”

Spokesperson Stephen Warner also confirmed that “no personal health information was accessed” as part of the breach.

Jones told reporters on Monday that the public can feel secure in using the online vaccination portal.

“When we hear of potential breaches, we investigate thoroughly,” she said at a press conference Monday.

“We have confidence in the booking system, that there are no concerns.”

An OPP spokesperson said the cybersecurity unit is still investigating to determine how many people were contacted through the breach. He said the scam appears to have been an attempt to solicit more private or financial information from the targets.

“At this point we continue to investigate the nature of the messages,” the spokesperson said.

Story continues below advertisement

“Typically, text or SMSishing refers to the fraudulent practice of sending text messages purporting to be from a reputable source in order to induce individuals to reveal personal information, such as passwords or credit card information.”

The OPP advised members of the public to be suspicious of any messages asking for such information and to report any possible scams to the Canadian Anti-Fraud Centre.

Click to play video: 'Ontario’s COVID-19 vaccination patient data concerns raised after information breaches'
Ontario’s COVID-19 vaccination patient data concerns raised after information breaches

Sponsored content