Ontario's vaccine management system suffers a data breach, affecting thousands

Ontario’s vaccine management system suffered a data breach last year, compromising the personal information of more than 360,000 people. Two people, including an Ontario government employee, were charged with unauthorized computer use.

The Ministry of Public and Business Service Delivery said in a statement that affected individuals will receive notices that their personal information was part of the November 2021 data breach of the COVAXX system. According to the statement, in over 95 percent of the cases, only names and/or phone numbers were exposed.

The ministry said it is working with the Ministry of Health, police, and Ontario’s privacy commissioner to determine the impact and scale of the breach on the province’s vaccine booking system.

One of the accused, a 21-year-old Gloucester-area resident of Ottawa, worked at the vaccine contact center, a division of the Ontario Ministry of Government and Consumer Services, according to a news release from the Ontario Provincial Police. The other was a Vaudreuil-Dorion, Quebec, resident aged 22.

According to police, numerous people who scheduled their vaccination appointments or accessed their vaccination certificates through the provincial booking system reported receiving spam text messages. People were asked for their personal information in those scam spam texts.

The statement further guaranteed that the vaccine booking system is a secure tool because it is regularly tested and monitored via the Ministry of Health’s cyber security protocols.