WHISTLER (NEWS 1130) — Whistler says it’s website has been hacked.
The resort municipality says a cyber attack has been taking people to a different website when they tried to visit Whistler.ca, something staff noticed on December 28. According to a statement, personal information may have been collected through different forms on the website, but the municipality doesn’t think credit card or social security numbers were stolen. Parking ticket payments and home owner grants were not affected.
The attack apparently exposed an ‘obscure vulnerability’ that wasn’t protected by regular site updates and security patches, according to a statement.
It seems hackers have found a way to breach @RMWhistler's municipal website.https://t.co/PCwNergR4t has been attacked and some who used the website may have had their personal information stolen. @NEWS1130 pic.twitter.com/RzQpzneT6q
— Lauren Boothby (@laurby) January 5, 2019
Staff believed to have found and fixed the breach, but on January 3 they realized forms on the website may have also been vulnerable to an attack. The municipality says they removed the webforms and personal information from the website.
“Leading up to the security breach, the website was regularly scanned to ensure it was secure. The latest security patches have always been applied to the Whistler.ca content management system and server,” reads the statement. “The attack that led to this security breach exposed an obscure vulnerability that could not have been applied as part of the regular updates, patches and ongoing monitoring efforts.”
Now it says it’s scanning the site several times a day for malware to make sure it is secure, and will
“The privacy of people’s personal information is a top priority for our organization,” Whistler Mayor Jack Crompton said in a statement. “Our current response reflects this commitment.”
The municipality says it’s emailing and calling people who may have been impacted by the breach, but says if you’re concerned your information may have been compromised to contact Legislative Services at 604-935-8118 or email firstname.lastname@example.org .