Family and Children’s Services of Lanark, Leeds and Grenville v. Co-operators General Insurance Company, 2021 ONCA 159 (CanLII)
'It was four years of my life on hold' — CAS whistleblower cleared of hacking charges.
PROTECTED BOARD PORTAL OR PUBLICLY ACCESSIBLE WEBSITE?
The Difference between Internet, Intranet and Extranet.
Internet vs. intranet vs. extranet: The key differences
1. Internet : The network formed by the co-operative interconnection of millions of computers, linked together is called Internet. Internet comprises of :
People : People use and develop the network. Resources : A collection of resources that can be reached from those networks. A setup for collaboration : It includes the member of the research and educational committees worldwide.
2. Intranet : It is an internal private network built within an organization using Internet and World Wide Web standards and products that allows employees of an organization to gain access to corporate information.
3. Extranet : It is the type of network that allows users from outside to access the Intranet of an organization.
https://www.joinblink.com/intelligence/internet-intranet-extranet
CAS whistleblower acquitted.
The judge noted that the CAS did not take appropriate measures to secure private information. The judge also noted there were no special computer skills or deception required to access the files, which were not marked as confidential and came with no warnings or disclaimers.
The information was publicly available, the judge ruled. He said there was no hacking and Denham didn’t break any Children’s Aid Society (CAS) laws about identifying children involved in court proceedings.
IT SPECIALIST
The majority of testimony on Aug. 14 came from David Schmidt, an IT specialist, who was contracted to investigate the issues with the organization’s website. (It was also noted that he was the son-in-law of Margaret Row, a project manager for FCSLLG.)
LAX SECURITY
In later testimony, Schmidt said that accessing the sensitive documents from the organization’s website (which was a WordPress web page), in 2016, would not have required passwords and usernames to access the private board portal on the website.
So there was no need for an Intranet or an Extranet to protect the information the were uploading to their WordPress Board Portal from FCSLLG's internal office computers.
https://www.insideottawavalley.com/news/smiths-falls-kelley-denham-acquitted-in-family-and-children-s-services-computer-case/article_ee414e7f-ccb2-5b1e-a9bb-0a85b7359042.html
https://ottawacitizen.com/news/local-news/it-was-four-years-of-my-life-on-hold-cas-whistleblower-cleared-of-hacking-charges
https://www.recorder.ca/news/local-news/cas-whistleblower-acquitted
HOW MANY WORDPRESS WEBSITES ARE HACKED EACH YEAR?
https://prominentweb.com/blog/how-many-wordpress-websites-hacked-each-year/
Understanding CMS Security: A Look at Website Vulnerabilities
Recent professional studies have revealed that approximately ninety percent (90%) of all compromised content management systems (CMS) on the Internet were WordPress sites. This is a significant figure compared to Joomla (4.3%) and Drupal (3.7%), which ranked second and third respectively.
https://marketing.legal/EN/success/tips-and-bits/wordpress-hacked-the-most
https://blog.hubspot.com/website/wordpress-security-issues
https://www.wpbeginner.com/beginners-guide/reasons-why-wordpress-site-gets-hacked/
https://blog.sucuri.net/2024/02/wordpress-hacked.html
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs: A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
https://www.darkreading.com/vulnerabilities-threats/1m-wordpress-sites-hacked-via-zero-day-plugin-bugs
Appellate Court rules on cyber breach class action coverage dispute
Family and Children’s Services of Lanark, Leeds and Grenville v. Co-operators General Insurance Company, 2021 ONCA 159 (CanLII) On March 15, 2021, the Ontario Court of Appeal released its decision in Family and Children’s Services of Lanark, Leeds and Grenville v. Co-operators General Insurance Company. This proceeding arose out of three separate applications dealing with the duty to defend, which were heard together.
Family and Children’s Services of Lanark, Leeds and Grenville (FCS) claimed that it was hacked in April 2016, and confidential reports were allegedly leaked onto two Facebook pages. Prior to this incident, FCS had hired Laridae Communications (Laridae) to refresh and review the FCS website. FCS and Laridae were both insured by Co-operators General Insurance Company (Co-operators). Following these alleged unintended disclosure incidents, a class proceeding was commenced against FCS seeking damages of $75 million. FCS also brought a third-party claim against Laridae.
Co-operators denied coverage to both FCS and Laridae, based on exclusion clauses in the policies, which excluded claims arising from the distribution or display of data by means of an internet website. FCS and Laridae claimed Co-operators had a duty to defend their interests in the class action and began applications. Co-operators brought a separate application for an order that it had no duty to defend Laridae in the class action.
https://canliiconnects.org/en/summaries/73734
Cyber Liability Prior to FCSLLG v. Co-operators.
https://www.pallettvalo.com/wp-content/uploads/2021/05/PV-Insurance-Law-Court-of-AppealCGL-Policies-4-1.pdf
https://www.pallettvalo.com/articles/ontario-court-of-appeal-upholds-data-exclusion-clauses-in-cgl-policies-no-duty-to-defend/
Appeal Court ruling on data exclusion clauses significant for insurance bar, say lawyers.
https://lawlibrary.ca/wp-content/uploads/2021/04/Appeal-Court-ruling-on-data-exclusion-clauses-significant-for-insurance-bar-say-lawyers-The-Lawyers-Daily.pdf
Why Are Some Cybersecurity Insurance Claims Denied?
As we mentioned, one of the reasons claims are denied is a failure to take reasonable steps to protect your business. However, there are other reasons claims may be denied as well. Some insurers will only cover certain types of cyberattacks or data breaches. For example, they may not cover phishing attacks or social engineering. Check with your insurer to see what is and is not covered under your policy.
There are several reasons why cybersecurity insurance claims are denied. Here are some of the most common:
You Did Not Have Adequate Cybersecurity Measures in Place
Your claim might be denied if you did not have adequate cybersecurity measures in place at the time of the data breach or incident. Your insurance provider will want to see that you took reasonable steps to protect your data and systems. This includes things like having a firewall, using strong passwords, and having up-to-date anti-virus software.
You Failed to Take Reasonable Steps to Prevent the Data Breach or Incident
Even if you had cybersecurity measures in place, your claim may still be denied if it is determined that you could have prevented the data breach or incident. For example, your claim may be denied if you failed to patch a known security vulnerability.
You Did Not Notify Your Insurance Provider Promptly
If you did not notify your insurance provider of the data breach or incident promptly, your claim might be denied. It is important to contact your insurer as soon as possible to begin the claims process.
Your Policy Has Exclusions.
Some cybersecurity insurance policies have exclusions that may prevent your claim from being approved. For example, many policies exclude claims from certain cyberattacks, such as ransomware. Review your policy carefully to see if any exclusions could apply to your claim.
You Did Not Cooperate With the Investigation
Your claim might be denied if you did not cooperate with the insurance company’s investigation into the data breach or incident. The insurance company will want to interview you and review your records to determine what happened.
You Made Material Misrepresentations in Your Application
Your claim might be denied if you made material misrepresentations on your insurance application. For example, your claim may be denied if you failed to disclose a previous data breach or incident. Be sure to disclose all relevant information on your insurance application to avoid denying your claim.
https://daxtech.ca/will-your-cybersecurity-insurance-claim-be-denied/
2024: ‘I am deeply troubled’: Data breach impacts clients at Lanark County family services organization Posted on February 16, 2024 by Dissent Doe, PhD
https://databreaches.net/2024/02/16/i-am-deeply-troubled-data-breach-impacts-clients-at-lanark-county-family-services-organization/
MEET KIM MORROW: FORMER DIRECTOR OF SERVICE FOR FCSLLG.
CANADA'S COURTWATCH WITH VERN BECK...
HOW DID IT ALL START?
COURT OF APPEAL FOR ONTARIO
CITATION: Family and Children’s Services of Lanark, Leeds and Grenville v. Cooperators General Insurance Company, 2021 ONCA 159 DATE: 20210315
DOCKET: C68449 and C68460
THE APPLICATION JUDGE’S DECISION.
https://www.svlaw.ca/docs/default-source/default-document-library/c68449-c68460-rere.pdf
Whatever happened to Smiths Falls Det.-Const. David Rakobowchuk?
https://conspiranon.blogspot.com/2023/09/whatever-happened-to-smiths-falls-det.html
2018: Officials with Family and Children’s Services of Lanark, Leeds and Grenville — claim they saw an English ransom message flash on their computer screens, demanding $60,000, when they tried to access their database in November.
“It encrypted most of our servers,” says the Lanark agency’s executive director, Raymond Lemay. “No data was taken out of our system. It was just an attempt by whatever you call these people to get a ransom.”
Lemay says his agency didn’t pay up. He says it used an offline backup of computer files to get the agency up and running again in about eight hours.
Cybersecurity experts from the province’s Ministry of Children and Youth Services, along with a private internet security firm, swooped into the agency to neutralize the malware in the infected servers.
“It took them about three weeks to find the needle in the haystack,” Lemay says.
The ransomware attack locked the agencies out of local online files that contained private information on the children and families they serve.
https://www.thestar.com/news/insight/ransomware-attacks-hit-two-ontario-children-s-aid-societies/article_cb319732-152e-52a9-bd48-a5fa940c9338.html
FAMILY AND CHILDREN'S SERVICES OF LANARK, LEEDS AND GRENVILLE FINANCIAL STATEMENTS MARCH 31, 2023.
https://fcsllg.ca/wp-content/uploads/2023/08/FCSLLG-Audited-Financial-Statements-March-31-2023.pdf
Comments
Post a Comment