Sun. Feb 25th, 2024

Robbery at a victim support center of sexual assault

Open in full screen mode

The theft took place in the center's new premises, located in the city center. (Archive photo)

Radio-Canada

Voice synthesis, based on artificial intelligence, allows you to generate spoken text from written text.

The Salal Sexual Assault Center in Vancouver announced to its users and donors that a computer server containing their sensitive personal information and banking details was stolen from its premises on December 3.

Vancouver police confirmed in an email to Radio-Canada on Friday that an investigation is underway into this break-in. The latter took place in the structure's new premises, located in the city center.

At least one woman who used the center's services said she planned to file a complaint with the health watchdog British Columbia Privacy Shield.

In a December 23 email obtained by CBC/Radio-Canada, Salal general manager Dalya Israel informed center users that a backup server containing their contact details was among the items stolen from the office, currently under renovation.

Your name, email address, phone numbers, and notes regarding security risks or services you requested are disclosed, sold and shared publicly, wrote Dalya Israel.

This theft would not concern individual files, case notes or even medical information, says the general director of Salal, because they are kept on an encrypted third-party platform.

Loading in progressHamas number two killed in Israeli strike near Beirut

ELSEWHERE ON NEWS: Hamas number two killed in Israeli strike near Beirut

The stolen server also contained information on donors' bank accounts and images of checks , as well as names, addresses and telephone numbers, according to another email to donors obtained by CBC/Radio-Canada.

Credit and debit card information from online donations is stored on an encrypted third-party platform and remains secure, Dalya Israel said.

This is not a data hack, we can read in his email. We do not believe that this intrusion was intended to destabilize Salal SVSC or the users of the structure.

According to the Director General, the risk of theft or misuse of data is low because access to it requires high level IT knowledge. An independent privacy impact assessment found the risk to be moderate.

However, it is not known how many people who have had their data compromised or how vulnerable they are.

On Friday, Dalya Israel declined an interview request from CBC/Radio-Canada.

In an emailed statement Sunday, she declined to answer questions about how the stolen data was stored to protect the integrity of the investigation and material information.

< p class="StyledBodyHtmlParagraph-sc-48221190-4 hnvfyV">Dalya Israel says the theft was devastating for Salal. Our deepest commitment is to users and our community, and we know that this has had and will have a significant impact on them, she wrote.

Salal is a non-profit organization. It responded to 4,769 distress calls and provided 1,304 individual counseling sessions between April 2021 and March 2022, according to its latest annual report.

Over During that same period, it received more than $510,000 in donations from 3,454 individual donors, the report said.

Two cybersecurity experts say it's a good thing that Salal informed its users and donors of the data theft. However, they say the center is downplaying the significant impacts this theft could potentially have on the safety, finances and privacy of thousands of people.

Ali Dehghantanha, Canada Research Chair in Cybersecurity and Threat Intelligence at the University of Guelph, believes Salal, given the nature of the organization's activities, should have taken more action to protect some of the sensitive data.

If the data is not encrypted, it is easy for anyone to access this information, explains the expert, who refuses to speak of low risk in this case.

David Jao, professor and member of the Cybersecurity and Privacy Institute at the University of Waterloo, says it's easy to sell stolen equipment to someone #x27;one who can access it and use the data to empty bank accounts, commit fraud or phishing scams.

It is difficult to recall data once it is in the wrong hands, says David Jao. He thinks that certain donors whose data is on the server could be prime targets.

The simple fact of being a client of the center is something private and sensitive for many people, believes Ali Dehghantanha.

According to information from Yasmine Ghania and Moira Wyton

By admin

Related Post