Toronto police are scrambling to alert more than 600 citizens who reported minor crimes online after the service's website was hacked and personal names, email addresses and home telephone numbers were publicly exposed.
Aaron Titus of the U.S.-based web security company Identify Finder tells CBC News that he tracks a series of hackers and then reveals their exploits — to help promote his business and an appreciation for online security.
Titus discovered that over the weekend a hacker going by the Twitter handle @teamdigi7al breached the website of the Toronto Police Service and stole reams of information and then publicly posted it.
Among the compromised data are names and email addresses of news release subscribers. But more serious are some 664 names, home addresses and phone numbers of people who reported minor crimes via the "Citizens Online Crime Reporting" portal.
Titus, in his initial news release, suggested that the hack involved "names, addresses, phone numbers, and email addresses of 664 police informants" along with dates of birth and suspect descriptions.
However, that's not quite the case.
Hackers posted news police releases that named suspects. But the material from the Citizen Online Crime Reporting portal only involves people who went to the website to file minor theft, property damage and lost and found complaints. The website expressly discourages reporting of any crime where the citizen knows the culprit, or if there was any threat to a person. It also expressly states the complaint must be minor, involving lost or stolen material worth less than $5,000.
Toronto police underscore that to suggest these are names of "police informants" is inaccurate.
However, according to Toronto police social media and corporate communications officer Scott Mills, the TPS is scrambling to contact all 664 of the citizens affected to explain what has happened. Some citizens have expressed concern at the vulnerability of the police website.
Mills confirms a similar hack has also been perpetrated on the Montreal police service in recent days.
And, according to Titus, the same hacker — @teamdigi7al — has also recently breached the security of other websites including the University of British Columbia, Natural Resources Canada, the Canadian Armed Forces and the P.E.I. legislature website.
However, those breaches appear to have been minor and not resulted in any major compromise of personal information, Titus told CBC News in a Skype interview from Utah.