The Resort Municipality of Whistler (RMOW) is reporting that its municipal website, whistler.ca, has been breached—but it assured the public that the situation has been resolved.
In a release sent Friday afternoon, the RMOW said that the breach, which was first discovered Dec. 28, appears to be an attempt to redirect web traffic to "different, and most likely, illicit websites."
After taking action to "identify, contain and resolve the issue," RMOW staff learned, on Jan. 3, that personal information collected through forms on the website may also have been at risk.
"Action was quickly taken to remove the webforms and any associated personal information from the site. The entire site was then returned to an earlier, uncompromised version," the release read.
The municipality is now reaching out to people whose personal information was stored on the website—although it does not appear the hackers were searching for personal data, the RMOW noted. Data such as credit-card and social-insurance numbers were not stored on the site, and the RMOW said information from third-party sites, such as parking ticket payments and homeowner grants, was not impacted in the breach.
"The privacy of people’s personal information is a top priority for our organization,” said Whistler Mayor Jack Crompton in the release. “Our current response reflects this commitment.”
The website was scanned regularly leading up to the breach, the release stated, and the "latest security patches" have always been applied to the Whistler.ca content management system and server. The RMOW said hackers exposed "an obscure vulnerability that could not have been applied as part of the regular updates, patches and ongoing monitoring efforts."
The municipality said it is now scanning the website several times a day for malware, and that a security audit would be taking place in the coming days.
In October, the RMOW unveiled a new design for its municipal website that it said was aimed at improving user access to frequently-visited municipal information and online services. The website last underwent a design and architecture upgrade in 2013, with an operating system upgrade and minor homepage refresh in 2015.
See the original story here.