Town’s servers down for three days during cybersecurity incident in January
WESTLOCK — A few more details surrounding the cybersecurity incident involving the Town of Westlock earlier this year, have been made public, following discussion at the June 10 regular council meeting.
Town of Westlock administration addressed the cybersecurity incident publicly for the first time since announcing it on May 31 and said the town’s servers were down for three days during the event.
Director of finance Julia Seppola noted in her report to councillors, some of the feedback she’s received from residents and concerned citizens, as well as some additional details about the incident.
“We’re probably three-quarters of the way through the recovery process,” said Seppola, noting the incident was “an insurable loss” and she is working with the town’s insurance company to complete the recovery process.
Seppola said a report was filed with the Westlock RCMP as well as with the National Cybercrime Coordination Centre (NC3).
“NC3 was notified, which is a special branch for the RCMP for cybercrime and the privacy commissioner received a notification,” she said, noting the town (servers) were “down for three days” during the cybersecurity incident and they “had a partial (outage).”
Westlock RCMP Staff Sgt. Jeff Sehn confirmed that RCMP are investigating the incident.
“I can confirm that yes, we are investigating this and that we’ve engaged the K-Division federal policing cybercrime investigation team from Edmonton,” said Sehn. “They are a cybercrime investigative team that are experts in this field and in investigating these matters.”
Town of Westlock CAO Simone Wiley confirmed additional details in a follow-up interview last week, and explained that both the Rotary Spirit Centre and the Aquatic Centre were not impacted by the cybersecurity incident.
“We were able to isolate the Spirit Centre and the Aquatic Centre from our network, so those two facilities were able to for example, take bookings and basically operate business as usual in those two facilities,” said Wiley, noting how the town was impacted during the incident from Jan. 31 and Feb. 2.
“So in that three-day period we were unable to issue you a receipt for paying your utility bill, as an example,” she said. “We were still manually taking payments and issuing paper receipts, so we could still do that, but we couldn’t issue you a computer-generated receipt out of our system for those three days.”
Wiley confirmed that “all of the services” the town provides to the public “were back up and running within the three days,” and added the recovery process that Seppola referenced at the June 10 council meeting involves the town’s infrastructure.
“When you go through an incident, the machines that are affected, the servers that are affected, those go to the forensic auditors for them to go through and do a forensic audit on those machines,” said Wiley, adding the town was able to borrow some older servers that were not being used, from other municipalities “to get ourselves back up and running after those three days.”
“We have our servers and we’re just working on getting them back up and connected to our network.”
Employees were also included in the 1,633 letters that were sent out to residents and businesses, informing them of the cybersecurity incident.
“The Town sent a letter to current employees as well as anyone who was employed with the town in the last two years,” explained Wiley.
The town has not provided a financial cost or impact of the incident, nor able to confirm a claim amount that the town intends to file with their insurance company. Wiley said she did not have “an exact amount yet.”
“Julia’s (Seppola) working on our proof of loss for the insurance company now,” said Wiley.
