Media Advisory: YWCHSB website vulnerability
Between December, 2013, and March 6, 2018, a vulnerability was present in the software used to host the Yukon Workers’ Compensation Health and Safety Board (YWCHSB) website that could be used to access the names and email addresses of 270 people who signed up for the “Library” feature.
This information was accessed on two occasions by an unknown party in March 2017. It is unknown if the information had been accessed prior to that, as log files on the server maintain 24 months of activity data.
We became aware of the exposure on Friday, March 2, 2018. We immediately responded with our established information breach protocol and the vulnerability was resolved on Tuesday, March 6, 2018. On Thursday, March 8, 2018, we emailed all those whose information was exposed, to alert them.
The system used to host the YWCHSB website does not host any claimant or employer information. The system is physically separate from YWCHSB facilities and other information systems. There is no network connection between the system and other information systems. There is no risk that any personal, financial, sensitive or confidential information was accessed as a result of this breach.
Even so, people who chose to use the Library feature on our website expected us to protect the privacy and confidentiality of the information they used to register. We find it regrettable that their names and email addresses were accessed as a result of this vulnerability.
We understand that this matter is highly concerning, and our intention is to be as forthcoming about it as possible. To that end we are inviting all local media to a technical briefing at 9:00 a.m. on Friday, March 9, in our office at 401 Strickland Street. Please arrive a few minutes early to accommodate our sign-in process.
Yukon Workers’ Compensation Health and Safety Board