Hamilton auditor flagged cybersecurity weaknesses three years before major attack, says report

A new report from Hamilton’s auditor general shows the city already knew its IT systems had “critical weaknesses” years before being hit by a major cyberattack.

The findings come from the first of four reports set to be released by the Office of the Auditor General (OAG) as part of a follow-up on Hamilton’s cybersecurity.

On Thursday, the report was presented to a city committee. It shows that a 2021 audit recommended numerous protective measures, but these were not implemented before the major attack in February 2024.

Following the security breach, everything from public health data to city programming was impacted as hackers held city files hostage behind encryptions.

Recovery efforts have cost taxpayers approximately $18.3 million so far.

Three more reports from the OAG are expected, including a review of how the breach was handled, an assessment of a new proposed cybersecurity plan, and a financing assessment.

In a statement released Friday, Mayor Andrea Horwath said boosting the city’s cybersecurity has been a renewed priority.

“The 2024 cyber attack was a serious event that disrupted services Hamiltonians rely on every day,” she said.

“While past vulnerabilities were identified, significant steps have been taken to strengthen cybersecurity, including new leadership, improved protocols, and proper investments in critical IT staff and systems. […] I am confident that, with appropriate investments in place, the current administration has the skills and qualifications to make that happen.”

READ MORE: Oakville theatre pulls film screenings after two violent attacks in a week