The Town of Huntsville has recently concluded its investigation into the cyber security incident that was discovered on March 10, 2024.
The ransomware attack impacted the Town’s network, software, and systems. As soon as the incident was detected, the Town immediately enacted its incident response protocol, brought its systems offline to limit exposure, and engaged cybersecurity experts to investigate.
The Town’s investigation concluded that certain data, including some sensitive personal identifiable information, was impacted by the incident. Individuals whose sensitive personal information was included in the compromised data, and for whom the Town has sufficient contact information, are being contacted by the Town of Huntsville directly. Those communications will not ask for any personal identifiable information, including financial information.
“We understand how concerning it may be to learn that your information has been compromised. We are making every effort to raise awareness in the community to ensure individuals are informed and can take the appropriate next steps,” shares Denise Corry, CAO of the Town of Huntsville.
Individuals who have previously provided sensitive information to the Town, Muskoka Heritage Place, the Algonquin Theatre, or Huntsville Public Library are encouraged to take the precautions outlined on priv.gc.ca to safeguard their data.
For more information, please visit huntsville.ca/cyber.
From the Town of Huntsville
RELATED
Due to cybersecurity incident, interim ticket solution implemented for the Algonquin Theatre
Town of Huntsville says cybersecurity incident has impacted the theatre
Town of Huntsville provides update on cyber attack
Town updates residents on its cybersecurity attack
Huntsville Mayor and CAO issue video message re cyber security breach
Huntsville Town Hall has reopened following a cyber attack
Town of Huntsville issues update on cyber attack
Cyber security concerns result in closure of some Huntsville facilities
I just got a call from Denise Corry explaining why I got a letter regarding my brother’s information. Not very often would someone as busy as Denise take the time to make the call. So I say, Thanks Denise!
I just received a letter from the Town of Huntsville about the incident. It is addressed to Dale Dunstan Raynor. Dale passed away in the Huntsville Hospital 17 years ago. He hadn’t lived in Huntsville for over 30 years. What is disturbing is that the type of information pertaining to Dale that was impacted was medical diagnosis information, healthcare provider location and healthcare provider name. Why would anyone in the town office have access to Dale’s medical information? I expect someone from the town office to explain this, because it is a clear invasion of privacy.
The question that the town needs to answer is why tax payers and employee information is on the internet. There is probably a way to keep all the information on a separate computer(s) that are not connected to any other system.
The town clerks office is on the ball. My mother received her warning letter this week.
Mother passed away 20 years ago. Town hall efficiency?
I got a letter about the Cyber Security Incident from the Town: clerks dept dated Dec 5/25, received Dec 11/25 and called the Incident Response Line ( 1-888-360-9965) this morning. The woman who answered was working remotely from the state of Georgia with a lovely southern accent and could not tell me what company she was working for and had one sheet of paper to inform her how to respond. Apparently the Town had the company dealing with the cyber incident contracted out the Incident Response Line which the Town had no control over. The Town of Huntsville general inquiries staff person, advised me that each letter is personalized with directions to follow. I can assume that a variety of specified data has been compromised and not just from the date March 10 2024.It seems in some cases individuals were offered Equifax service regarding credit history impacts. It is important to note that all staff and past employees and possibly councillors will also have had their information impacted.
It is odd that someone in Georgia who cannot identify her employer and equipped only with one sheet of paper is the Incident Response Line.
It is time for the taxpayers of Huntsville to get together and hire an attorney to force the Town of Huntsville to explain what happened in this cyber security incident. There have been no actual details released and we are just finding out years later that our data was compromised (Obviously!)
The sheer amount of negligence in this entire situation is astounding. Huntsville was also responsible for IT support for other Municipalities as well and there has been no word about them either. This is a coverup of bad practices and we need to expose this so it can be dealt with and proper security practices can be implemented.
As one of the individuals mentioned above I am rather disgusted to learn this 22 months later!!
I’ve spoken with your hotline whereby the representative could not answer any questions I had though said she was experienced in this matter. Just great.