Two charged in vaccine-system data breach

TORONTO – Hundreds of thousands of Ontarians’ information may have been compromised in a data breach of the province’s vaccine management system last year. Beginning this month, some 360,000 people will receive notices that their personal information was part of the November 2021 data breach of the COVAXX system, the Ministry of Public and Business Service Delivery said in a statement.

The ministry said it had been working with the Ministry of Health, police and Ontario’s privacy commissioner to determine the scale and impact of the breach. The ministry’s statement does not say how it occurred.

Two people were charged in connection with the breach last year.

One of the accused, a 21-year-old who lives in Ottawa’s Gloucester area, was an employee of the vaccine contact centre, part of the Ontario Ministry of Government and Consumer Services, Ontario Provincial Police said in a news release last year.

The other was a 22-year-old man from Vaudreuil-Dorion, Que. Both have been charged with unauthorized use of a computer.

Police said at the time that the provincial government received reports of spam text messages from several individuals who had scheduled their vaccine appointments, or accessed their vaccine certificates, through the provincial booking system.

Those “fraudulent spam” texts asked people for their personal information, said OPP spokesperson Bill Dickson.

In its statement, the ministry said in over 95 percent of the cases, “only names and/or phone numbers were impacted.”

The statement says the vaccine booking system is “regularly monitored and tested” through the Ministry of Health’s cyber security protocols, and that the province is “confident” the system remains a secure tool.