P2019-ND-023

Edmonton Humane Society

A technical malfunction in the Organization?s website’s server caused the server to randomly draw client information from a database and populate the website with the information. For a period of time between October 2017 and February 2018, when one clicked on photos of animals on the website’s adoption page, the website would show a PDF image of financial information provided by EHS clients. The website did not give access to the database of client information or the server that stored the client information. Rather, the website simply posted random images. The problem was corrected on February 28, 2018 through a “patch” developed by the website’s service provider. The Organization became aware of the breach in January 2018 after it was directly brought to management’s attention by two individuals whose information was disclosed. One of the individuals contacted the Organization because someone had taken a “screenshot” of the information on the website and posted it to social media. Another individual reported the incident to the RCMP, who then contacted the Organization.

File Type: pdf
Categories: 2019
Tags: Unauthorized access