A British Columbia municipality has acknowledged being the victim of a cyber attack just over two weeks ago.
The admission made today comes after the LockBit ransomware gang listed the Sunshine Coast Regional District on its data breach website.
“On Thursday, September 8 and for most of Friday, September 9, computer servers at the Sunshine Coast Regional District (SCRD) were offline,” the municipality said in a statement. “This caused an email outage at the SCRD and our website was also offline. The SCRD’s servers were back online within 16 hours with very little impact to services.
“At this time, it appears as though the SCRD has been a victim of a deliberate attempt by criminals to access information on our servers. In response, the SCRD has contracted an external cyber security firm to assist with our investigation and the Sunshine Coast RCMP has also opened a file on this cyber incident.
“Out of an abundance of caution, the SCRD has also notified the [British Columbia] Office of the Information and Privacy Commissioner (OIPC) which is seen as best practice in these circumstances.
“The SCRD is currently working to determine if any personal data may have been compromised on our servers during the cyber incident. If this is the case then the SCRD will follow established procedures through the OIPC with notifications to those affected.”
Headquartered in the town of Sechelt, the regional district is spread across some 3,700 sq. km. It has a population of about 32,000 that includes the town of Gibson, the Schelet Indian Government District, and several Indigenous reserves. Schelet is about a two-and-half hour drive and ferry ride from Vancouver. According to Wikipedia, the district is typically accessed via ferry, boat or plane; no roads connect it with the rest of the province.