LATEST STORIES:

Evening weather forecast for Sept 17

Stop work order issued after demo of Tivoli Theatre in Hamilton starts without permits

Toronto Public Health gives final update on investigation into gynecologist’s office

Details of gun buyback program coming soon, minister says

‘Shocking’ dashcam footage shows wrong-way driver on Ontario’s Highway 401

Hamilton granted injunction order ahead of McMaster Homecoming weekend

Councillors seek answers after Hamilton denied insurance claim for 2024 cyberattack

  • Updated:
Share this story...

Accountability councillors pressed Hamilton city staff during a meeting Wednesday why it took 17 months to provide a full report following the cybersecurity attack in 2024.

During the meeting, Hamilton Mayor Andrea Horwath and City Manager Marnie Cluckie were pressed on accountability during an update on the cyberattack that rocked the city in February of 2024.

City staff were able to contain the incident within 48 hours of the attack, but some details are still unclear, including information on the cybercriminals behind the attack.

The ransom amount demanded by the cybercriminals was around $18.5 million, but there are no new details on who they were.

Hamilton police say the investigation is ongoing.

Councillors pushed to find out who was responsible for the city being denied the insurance claim – $5 million – due to multi-factor authentication not being fully implemented at the time of the attack.

“Our priority throughout has been safety and security in the city and our community,” said Cluckie. “Now, as the city implements cybersecurity enhancements and we’re progressing towards long term transformation, we’re able now to share this fuller picture.”

Hamilton Councillor of Ward 9 Brad Clark asked several times who was responsible for ensuring that the insurance contract was complied with.

“My understanding is that the cybersecurity insurance writer policy at the time, would have probably been executed through previous leadership,” said Cyrus Tehrani, the acting chief information officer with the City of Hamilton.

“So, because that’s previous leadership, the current leadership is excused of ensuring that it’s complied with?,” asked Clark during the meeting.

City staff say they had begun rolling out multi-factor authentication in January 2024, and some areas of the city had implemented it when the attack happened.

“The way that the attack occurred was not necessarily the kind of multi-factor authentication that we all think about,” said Horwath, “like when we put an extra code in our phone – it was more deep within the organization.”

During the news conference Cluckie was asked who made the decision not to roll out the extra layer of security back in 2022 and 2023.

“There isn’t an individual person that made the decision not to,” said Cluckie. “It was a project that was in progress and staff were working on it.”

“It had not been completed. We are aware of that and have made improvements to address that,” said Cluckie.

According to the latest cost update from the city, regarding the incident, the total is now at $18.3 million but more costs are expected.

“I don’t expect many more costs associated with recovery and response as we transition to rebuild, and again, that’s the approximately $30 million that council approved in 2025 surrounding those 2021 projects,” said Mike Zegarac, the general manager of finance and corporate services with the City of Hamilton.

“There may be some additional costs as we integrate systems and data,” said Zegarac.

Another additional cost that the city says will be added in the future are financial services with Deloitte that will cost $388,000 a month until November 2026.

WATCH MORE: Cost of 2024 cyberattack on Hamilton’s city hall almost doubles to $18.3M

Related Stories