A contractor working for the City of Edmonton is being blamed for a data breach exposing the personal data of an unknown number of city, Edmonton Police Service (EPS) and Edmonton Public Library (EPL) employees and their families.

Postmedia obtained an email notifying affected employees on Monday that a contractor with “limited” access to pension and benefits data exposed it to a third party. Neither the independent contractor nor the third party is named. Family members listed as dependents were the most exposed — their names, dates of birth and marital statuses were revealed.

For staff, their retroactive and pensionable earnings, and employee numbers, were exposed. A handful of personal addresses were also revealed for fewer than 10 people. More sensitive information wasn’t included — no employees’ names, banking information, social insurance numbers or finances were compromised.

In the email sent by Kimberley Matheson, branch manager for the city’s Enterprise Commons IT project, the city is clear this wasn’t a case of hacking. The contractor’s access was immediately revoked when the problem was discovered.

“This situation involved a contractor providing access to an unauthorized third party to personal information that they were not authorized to disclose,” the email states. “In this case, City of Edmonton procedures confirmed there was a breach of privacy and took immediate action to contain the breach.”

From the end of May into early June, the data was “visible” but could not be downloaded or copied, according to the city. Alberta’s information and privacy commissioner has been notified.

“While the contractor had access to personal information to fulfill their role at the city, we took every reasonable step to protect that personal information, including a criminal record check and restrictions on how and for how long they could access that information.”

Asked how many total employees were impacted, a city spokesperson did not answer the question. Similar questions were put to EPS and EPL but both agencies told Postmedia to contact the city.

Stacey Padbury, deputy city manager for financial and corporate services, confirmed no other projects or city systems were exposed in the breach and neither was the public.

She said the city isn’t required to inform employees about the data breach but they did so because “we believe it is important that we were transparent with our employees.”

“The city addressed the issue quickly by immediately revoking the contractor’s access to all city systems and began an internal investigation to determine the full scope of the privacy breach and to understand if there are things to learn for the future,” she said.

“While it’s good to know that our detection systems and vigilant employees identified this issue so we could immediately revoke the contractor’s access, it is unfortunate that the actions of an individual has inconvenienced our employees.”

In a different situation, the city warned members of the public to be on the lookout for fraudulent city websites. A notice was visible on the official City of Edmonton website over the weekend warning of “malicious sites attempting to copy our website and link users to non-city payment sites. Ensure you are on a web page that includes edmonton.ca in its address before following any links,” the notice stated.

Enterprise Commons

The city is currently working on a significant technology project called Enterprise Commons. Work began before the onset of the COVID-19 pandemic and was expected to begin rolling out in phases by March 2022. When complete, it will decommission a series of aging municipal IT systems that cover payroll, purchasing and finance.

A city spokesperson confirmed the breach didn’t compromise the new Enterprise Commons system, but said the independent contractor “was working with the data that will be used” by that system.

Deloitte was chosen through a bid process to help transition the data to the Enterprise Commons system. SAP Canada is providing the technology.

lboothby@postmedia

@laurby

By admin