City of Hamilton regrets ‘privacy breach’ connected with vote by mail registrations

The City of Hamilton has expressed regrets to a number of residents who had personal information exposed in what’s being described as a “privacy breach.”

In a release from the city manager’s office, staff revealed some 450 individuals who signed up to vote by mail in the upcoming 2022 municipal election had their emails exposed when a message was sent Thursday providing details on the process.

“The city regrets the error and any distress that this incident may cause those who have used the Vote by Mail process,” a spokesperson for the city said in a statement sent by email on Friday.

In the explanation, staff said multiple email addresses were inadvertently entered in the “to:” line of the email instead of the “bcc:” box, which exposed email addresses of all the recipients.

“Immediate steps were taken to recall the message and to notify all affected individuals,” the city said.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Sign up for breaking National newsletter Sign Up

By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

Technology analyst and journalist Carmi Levy says having an email address “out there” makes it easier for scammers to harvest information and potentially use it against the owner.

“Even though an email address is just one data point, it can easily be combined with data from other breaches,” Levy told Global News.

4:30 Emergencies Act inquiry: Ottawa resident details ‘quite extensive’ physical impact, ‘experience of helplessness’

• Emergencies Act inquiry: Ottawa resident details ‘quite extensive’ physical impact, ‘experience of helplessness’
• Fire Prevention Week: Getting alarms for home
• Montreal Canadiens superfan decks out dad’s hospital room
• COVID-19 concerns rise again as hundreds of variants spread

Previous Video

Next Video

“So having it shared against our will gives more people out there the opportunity to scrape additional personal data from other sources, combine them into a common database, then use that information to target us with attacks.”

Levy says the irony is Hamilton breach happened during Cybersecurity Awareness Month across Canada and suggests the city may have a “personnel training problem.”

“Specifically, they’re not reinforcing the right behaviors, which means more low-hanging-fruit exposures like this one are basically inevitable,” said Levy.

“Technology won’t solve this. Prioritizing cybersecurity training will.”

The city manager’s office says it takes the matter seriously and is set to conduct a review of processes related to personal information.

It also plans on “proactively” notifying the Information and Privacy Commissioner of Ontario (IPC).

Individuals who wish to lodge a complaint can direct their queries to the IPC or to the manager of corporate records and privacy at the city clerk’s office.