Downtown Legal Services (DLS) has been responding to a cyber security incident. On November 21, DLS discovered a virus on their network that affected an undisclosed number of clinic computers and files on their network server.
At this time, there is no evidence to suggest that any sensitive or personal client information was stolen.
Isaac Straley, the University of Toronto’s Chief Information Security Officer, said, “[W]e want to make sure that people understand there’s not, to our knowledge, any exposure of information.”
The incident prevented DLS from accessing a number of electronic files, including those related to their clients. As a public interest clinic operated by the Faculty of Law, DLS serves low-income clients and U of T students.
DLS has taken steps to notify their clients of the incident.
In a statement released to Ultra Vires, DLS said, “We want to keep our clients informed about what has occurred and reassure them that we are here to represent them with their legal matters.”
DLS shut down all clinic computers as an immediate response, and contacted Information Technology Services (ITS), the overarching department that facilitates delivery of IT services across the university’s divisions.
ITS has taken measures to contain and respond to the incident and is working to further investigate and restore the clinic to its full operations. The incident has been reported to law enforcement, and the Information and Privacy Commissioner of Ontario has been notified.
“[I]t’s been a very intense week,” said Lisa Cirillo, Executive Director of DLS. Cirillo declined further comment, saying that she is unable to share more details at the moment.
The clinic remains open.
Wi-Fi installation at DLS was already underway at the time of the incident and was completed on November 28, allowing staff and students to work from their personal laptops at the clinic until DLS’s computers are operational again.
According to Bo Wandschneider, the university’s Chief Information Officer (CIO), “There’s lots of things that happen every day around cyber security. We have a lot of resources dedicated to it. We’re mitigating risks coming in and we’re responding to incidents.”
The Office of the CIO is responsible for ITS, and released a new Strategic Plan for 2019-2024, coordinating across U of T’s three campuses and multiple divisions and faculties.
Technological services at the university are decentralized. While there are advantages to this model because of its dynamic nature, it is not without disadvantages.
“[W]e have to work harder around education and awareness and engaging people around the community,” said Wandschneider.
Cyber security attacks will happen, said Wandschneider, and the Office of the CIO works to continually mitigate risks and to reduce the number of cyber security events and incidents that happen. In addition to initiatives like anti-phishing campaigns, they connect with university divisions to implement self-assessments to understand where security gaps may lie.
Wandschneider encouraged the building of relationships across the decentralized technological services system. “DLS and the Faculty of Law have been fantastic throughout this process, and they have been very collaborative,” said Wandschneider. “Hopefully we’ll get them back up and running soon.”
Update:
The ITS team has since identified the cause of the incident as malicious code introduced by a device in the clinic, said Wandschneider in a January 22 email. The malicious code was unable to fully “complete,” and there was no exfiltration of data, he said.
“As you can imagine, this was an enormous relief for DLS and our clients,” said Cirillo in an email on January 22.
All clinic machines have been rebuilt, and new security measures have been implemented to protect DLS from similar attacks in the future, said Wandschneider.
“Due to the dedicated efforts of the IT teams at both the Faculty and the University, we are making real progress in getting all of our systems back up and fully operational,” said Cirillo. DLS expects the repair work to be mostly complete by the end of the month.
