Thousands of banking records exposed after Alberta dental benefits administrator hacked

A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on Wednesday, December, 19, 2012. THE CANADIAN PRESS/Jonathan Hayward

A recent cybersecurity breach targeting a government service provider could have left thousands of Albertans’ banking records and hundreds of thousands more names exposed.

On Thursday, the Alberta Dental Service Corporation (ADSC) said it had been hacked between May 7 and July 9. On the final day, the hackers communicated they had encrypted the data, were holding it ransom and demanded cryptocurrency in payment.

Lyle Best, the ADSC president, said the organization’s cyberinsurance was immediately engaged and the ransom was paid, recovering the data with a minimal loss of that data. Best also noted the corporation had secure backups.

“We take the security of information in our care very seriously. Unfortunately, even with the most stringent measures in place, these incidents are not always preventable. ADSC would like to sincerely apologize to our valued clients and health providers and appreciates the worry this incident may cause,” Best said in a statement.

Story continues below advertisement

ADSC is the dental benefits administrator for the Alberta government and has programs that serve seniors, Albertans on Assured Income for the Severely Handicapped (AISH) and other low-income health benefits.

Click to play video: 'Petro Canada cybersecurity incident disrupts gas stations across Canada'
Petro Canada cybersecurity incident disrupts gas stations across Canada

Less than 7,300 seniors on the Quikcard program may have had their personal banking information leaked.

Breaking news from Canada and around the world sent to your email, as it happens.

ADSC said it is reaching out directly to Albertans whose personal financial data was hacked and those people will be offered complimentary credit monitoring.

Approximately 1.47 million peoples’ names and dental program ID numbers were compromised.

ADSC said it will be providing tips on how to further secure their personal information.

Health providers’ information was also part of the hack.

Click to play video: 'Essential cybersecurity tips to safeguard your digital footprint'
Essential cybersecurity tips to safeguard your digital footprint

Cybersecurity experts investigated the incident for ADSC, and RCMP and Edmonton Police Service were also informed of the hack in the following days. The cybersecurity experts shared their findings with ADSC on July 26.

Story continues below advertisement

Best told Global News the Russian ransomware group 8base was identified as responsible, and said the entire data breach could have started as innocently as someone opening a phishing email, allowing for the software to be installed.

“It’s frustrating,” he said.

The ADSC president said the organization’s cybersecurity vulnerabilities have since been secured.

An ADSC webpage was set up for Albertans where they can find more support and contact information. A call centre will also open at 6 a.m. on Monday.

The provincial dental program administrator said the investigation of the data breach is ongoing and the organization will take further measures if deemed necessary.

Sponsored content