On March 2, Ontario's Ministry of Community and Social Services informed the public of the accidental release of 720 social insurance numbers belonging to recipients of welfare and disability support, according to the Toronto Star. In addition to SINs, information regarding the amount of assistance received last year was released as well.
Approximately 650,000 T5 forms reporting individual income from social assistance were mailed on Feb. 16. The provincial government pointed to software problems as the factor responsible for the privacy breach, specifically to the Social Assistance Management System, an IBM-built interface designed to pull data and compose files for the Canada Revenue Agency.
This interface erroneously culled data from the wrong client records and printed T5s displaying incorrect addresses, according to a statement by Amber Anderson, press secretary for Community and Social Services Minister Helena Jaczek. Close to 400 T5s were sent to individual trustees and 394 to community agencies.
Apology letters were mailed on Feb. 26, after the Ontario government learned of the error early last week.
In addition to Monday's announcement of the data breach, the province of Ontario also announced an independent review of the Social Assistance Management System, which cost approximately $242 million. This review will also investigate SAMS bugs that existed prior to the breach with T5s, as reported in an earlier story by The Toronto Star. In turn, this review has stalled the introduction of a benefit that would aid social-assistance recipients in transitioning to employment.
"This Liberal government was careless to put the most vulnerable Ontarians at the mercy of unreliable software," said Provincial Parliament Member Cindy Forster, according to The Star. "Months later and with over $250 million spent, the Liberal government still has no clue how to fix it."
A managed SIEM system could provide the key to catching future bugs before they become a problem.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.