Ucluelet’s district office has been hit with a phishing attack.
The district’s Manager of Corporate Services Joseph Rotenberg sent out emails last month warning anyone who has had email correspondence with Director of Engineering Services James MacIntosh of a potential privacy breach of personal information.
Rotenberg’s email landed in the Westerly News’ inbox on July 31, explaining that “unauthorized actors” had gained access to MacIntosh’s Microsoft 365 account, including his email account: jmacintosh@ucluelet.ca.
“The District recognizes that this may cause distress or concern to those affected and we sincerely apologize for this. Please be assured that the District has secured Mr. MacIntosh’s account and notified the Office of the Information and Privacy Commissioner for British Columbia,” the email reads.
It explains that MacIntosh’s account was accessed on or around April 16 and some folders in MacIntosh’s inbox were accessed, but the district did not discover what had happened until July 22.
“Fifty-six phishing emails were sent from the Director’s email on July 22, 2024. Those recipients that were sent phishing emails have been notified separately,” it reads. “The personal information in the accessed folders includes contacts, sent emails, received emails, deleted emails, and filed items.”
It adds that while the unauthorized access occurred around April 16 of this year, MacIntosh’s email account had correspondence dating back to 2021.
“To determine, what, if any personal information is affected by this incident, users can review their email account for correspondence to or from James MacIntosh (jmacintosh@ucluelet.ca) between July 14, 2021 and July 22, 2024,” it reads.
It reiterates that the district reached out to the Office of the Information and Privacy Commissioner to report the incident and lay out the steps being taken to address it and “will adhere to any recommendations or requirements from the OIPC.”
“This incident was discovered on the morning of July 22, 2024, and, within hours, steps were taken to secure the Director’s account and notify recipients of the phishing email sent from the Director’s email account,” it reads. “More broadly, the District will be taking steps to prevent such inappropriate and unauthorized access in the future. This will include reviewing security protocols to enhance user security and breach detection.”
The email encourages anyone with questions to email Rotenberg at jrotenberg@ucluelet.ca and suggests additional concerns can be raised to the Office of the Information and Privacy Commissioner for British Columbia.
“We again apologize for this incident and any distress it may cause you. We are committed to remedying this situation as best we can and as soon as we can,” it reads.