Advertisement

Former City of Edmonton worker accessed info of 5,000 personnel in 2021 data breach

Click to play video: 'Former city of Edmonton worker accessed info of 5,000 personnel in 2021 data breach'
Former city of Edmonton worker accessed info of 5,000 personnel in 2021 data breach
A former employee at the City of Edmonton accessed the personal information of more than 5,000 workers in a data breach in May 2021. Sarah Komadina reports. – Nov 30, 2022

A former employee at the City of Edmonton accessed the personal information of more than 5,000 employees in a data breach in May 2021, staff revealed Wednesday.

In a news release, Daryl Croft, branch manager of open city and technology (OCT), said the employee downloaded documents from city-owned computers onto a personal cloud-based account in May 2021.

“Given the size of the breach, the city hired an outside forensic IT consulting firm, which was able to access the cloud account and identify more than 157,000 records that could belong to the city,” Croft said.

“We have no reason to believe the records were shared beyond the employee, who is no longer employed by the City of Edmonton.”

Click to play video: 'IKEA Canada confirms customer privacy breach'
IKEA Canada confirms customer privacy breach

The records are from 2018 to 2020. The types of files downloaded include, but aren’t limited to, employee discipline reports, settlement agreements, union seniority and retirees lists, and Alberta human rights complaints.

Story continues below advertisement

“Some files included employee names and payroll numbers. Other files included performance management information, seniority lists and recall information for employees who were temporarily laid off,” Croft said.

Eleni Stroulia, a professor in the department of computing science at the University of Alberta, said it’s almost inevitable that big organizations will face data breaches like this.

Breaking news from Canada and around the world sent to your email, as it happens.

“As a person moves through the organization, they tend to amass different access control permissions. At some point they may have access to too much data,” she said.

Stroulia said the fact the city hired a third-party firm to audit the breach shows an effort to repair trust.

“Hopefully, as long as the information has not leaked broadly, what needs to be done to mitigate the impact of this breach will be possible,” she said.

Croft said safeguards were immediately strengthened after OCT heard about the breach.

According to the city, since the breach was first reported there has been no evidence of misuse of the information involved.

Mayor Amarjeet Sohi wasn’t able to comment on the details of the breach, but on Wednesday said the protection of privacy is a fundamental responsibility of city administration.

Story continues below advertisement

“I understand that city administration has taken steps to ensure that that doesn’t happen in the future. I understand they’re going to dig deeper into investigating why this breach has happened,” he said.

The city recommends those who worked for the city between 2018 and May 2021 who have questions about privacy related to this incident reach out to the office of the city clerk at 780-496-1551.

Sponsored content

AdChoices