Information of 360,000 people affected in Ontario COVID-19 vaccine data breach

THE CANADIAN PRESS

The Ontario government began notifying about 360,000 people on Friday that their personal information had been part of a COVID-19 vaccine database breach that took place more than a year ago.

The breach happened on Nov. 16, 2021 and the Ontario Provincial Police charged two people, including an employee of the province’s vaccine contact centre.

Since then, the government said it has been working with the police and privacy commissioner.

The government said it takes time to determine the scale and impact of such a breach.

The Ministry of Public and Business Service Delivery said it had confidence in the vaccine booking system.

“Ontario’s COVID-19 vaccine booking system is regularly monitored and tested as part of the Ministry of Health’s cybersecurity protocols,” it wrote in a statement.

“We remain confident that the booking system continues to be a safe and secure tool for Ontarians to use.”

For about 95 per cent of the 360,000 people affected, the government said only their names and/or phone numbers were involved.

Provincial police had said they began investigating after the Ontario government received reports of spam text messages from people who had scheduled appointments or accessed vaccine certificates through the booking portal.

Investigators charged two people – a 22-year-old from Gloucester, Ont., and a 22-from Vaudreuil-Dorion, Que. – with one count each of unauthorized use of a computer.

Police said the Ontario resident who was charged was an employee with the vaccine contact centre in the Ministry of Government and Consumer Services.

A government spokesperson had said the accused had worked through a third-party vendor in the vaccine booking call centre but was no longer employed by the government.

The government said at the time that no personal health information was accessed.