Manitoba ombudsman blasts families department for lack of cybersecurity safeguards after 2024 hack

Staff Editor 2026-06-04
Manitoba ombudsman blasts families department for lack of cybersecurity safeguards after 2024 hack

Manitoba ombudsman blasts families department for lack of cybersecurity safeguards after 2024 hack

https://www.cbc.ca/news/canada/manitoba/families-cyberattack-disability-services-9.7223984

Publish Date: 2026-06-04 18:02:00

Source Domain: www.cbc.ca

Listen to this article

Estimated 5 minutes

The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.

Manitoba’s ombudsman is criticizing the province’s families department for a lack of privacy and security safeguards after the personal information of vulnerable people was accessed in a 2024 cyberattack.

The 1,361 people were clients of Manitoba’s Community Living DisAbility Services, the provincial adult disability services program, the ombudsman wrote in a May 28 report.

The compromised information included legal names, addresses, day program details, emergency contacts, social insurance numbers, sources of income, personal health identification numbers and other medical information, the ombudsman says.

“The exposure of these categories of information creates a heightened risk of financial loss, identity theft, and damage to reputation or relationships,” the report says.

The information was accessed through a community-based service provider that detected suspicious activity on its systems on Oct. 8, 2024, the report says. The service provider notified the families department of the suspicious activity the next day.

A forensic investigation that month confirmed the unauthorized access and transfer of data, concluding the hacker’s most likely path of entry was the service provider’s virtual private network, or VPN, the report says.

The source of the cyberattack is not shared in the report. The affected service provider is not named but is identified as a non-profit organization with “minimal funding available for cybersecurity.”

During the ombudsman’s investigation, the families department said it provided privacy and security guidance to its service providers in 2022 and again in 2025, but the report says that came in the form of a general privacy awareness presentation.

The materials shared in that presentation did not establish “any minimum…

Source

More Stories

Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

Staff Editor 2026-06-05
Ashley Devoto Named Air Force CIO

Ashley Devoto Named Air Force CIO

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy