It wasn’t a very fun Christmas last year for the Saskatchewan Liquor and Gaming Authority (SLGA), after a cybersecurity incident affected many computer systems and applications on Dec. 25, 2021.
As part of the initial investigation, SLGA determined the criminals who attacked SLGA’s IT systems accessed some data associated with SLGA employees, including information typically collected by employers such as names, banking information and social insurance numbers.
As the investigation continues, SLGA has found some clients information may have also been accessed during the cyber incident.
The SGLA announced Tuesday that they are directly notifying regulatory clients who provided any sensitive personal information within the last five years.
“This information may include place and date of birth, driver’s licence, height, weight, eye colour, employment history, criminal record history and financial disclosures gathered as part of the licensing/permit process for commercial liquor permits, cannabis permits and gaming/horse racing registrants,” the SLGA said in a press release.
“This step is being taken after cyber experts found evidence that some of this information was disclosed on the dark web. Letters have been sent to this client group with further information and an offer of credit monitoring for two years.”
SLGA has also begun an indirect notification process aimed at two client groups: regulatory clients who provided SLGA with sensitive personal information more than five years ago and regulatory clients who provided SLGA with less sensitive personal information.
As SLGA continues to deal with the aftermath of the cyber incident, the investigation is expected to continue for the foreseeable future.