in which the town ’ s network was illegally accessed and infected with ransomware . The malware was able to encrypt a number of town systems rendering them unusable . The town has received a ransom demandAttack.Ransomto decrypt them . Town staff worked quickly to isolate the attacked and activate a cyber incident investigation . According to town staff , the necessary steps are being taken to restore access to the system and files and to try and return operations to normal as quickly as possible . “ Residents can rest assured that we are taking this matter extremely seriously , ” said Mayor Gord McKay . “ We are working closely with cybersecurity experts that specialize in these types of illegal attacks , and we have reported the incident to law enforcement and the Information and Privacy Commissioner of Ontario. ” Vital services , such as fire and water and wastewater management , were not impacted as these systems are purposely isolated for security reasons . Ongoing investigations have not found any evidence that information was removedAttack.Databreachfrom the system or inappropriately accessedAttack.Databreachand cybersecurity experts are working quickly to rule out that possibility . In late April , Wasaga Beach had their computer systems hacked and locked down for several weeks . The town eventually paidAttack.Ransomthe hackers three Bitcoins , worth approximately $ 34,000 . However , other costs including loss of productivity , new hardware and consultant fees were estimated at a combined $ 250,000 . Based on the recommendations outlined a recent service delivery review and lessons learned from the cyberattack in Wasaga Beach , Midland had secured an insurance policy for protection in the event of such illegal activities . A strategy to address cybersecurity threats had been developed , which the town was in the process of implementing . “ At the time of the attack the town was in the process of making several improvements to our IT security , ” said Midland chief administrative officer John Skorobohacz . “ Once systems are fully restored , we will continue with those plans and look for additional opportunities to enhance our security based on the guidance of cybersecurity experts . ”
The most recent breachAttack.Databreachof smart teddy bears -- which can receive and send voice messages from children and parents -- have been involved in a data breachAttack.Databreachdealing with more than 800,000 user accounts . The company behind the products , Spiral Toys , is denying that any customers were hacked . Zach Lanier , director of research at Cylance , went through the more famous incidents involving toys and breaches and offers a tip with each case . This may have given attackers accessAttack.Databreachto voice recordings from the toy 's customers , by allegedly making the mistake of storing the customer information in a publicly exposedAttack.Databreachonline MongoDB database that required no authentication process . Thus anyone , including the attackers , was able to view and stealAttack.Databreachthe data . CloudPets placed no requirement on password strength , making it much easier to decipher passwords . Tip : Always create a secure password , no matter the strength requirement . Include lowercase and uppercase letter , symbols and numbers . Use a password manager to help create and store unique passwords for sites and services . A line of stuffed animals , these connected toys combine with a mobile application that was vulnerableVulnerability-related.DiscoverVulnerabilitydue to a number of weak APIs , which didn ’ t verify who sent messages . This meant that an attacker could guess usernames , or email addresses , and ask Fisher-Price for server return details about associated accounts and children ’ s profiles , which provides their name , birthdate , gender , language and toys they have played with . Tip : If the IoT device connects to a mobile app or desktop computer , it is important to examine how it connects . If the start of the URL address is http rather than https , which is the secure version of HTTP , then your device is making a less secure connection . The doll has a microphone and accesses the internet to answer your child 's questions . Moreover , criminals could have the ability collectAttack.Databreachyour personal information . Tip : If the toy does require Wi-Fi , make sure it supports modern , more secure Wi-Fi capabilities like WAP2 . Their speech-recognition software maker Nuance Communications violated federal rules by listening to children and saving the recordings . It ’ s valuable to know how they are using your data . Don ’ t provide personal information that seems extra or unnecessary . VTech had its app store database , Learning Lodge , hacked . As a result of the breachAttack.Databreach, over 11.6 million accounts were compromisedAttack.Databreachin a cyberattackAttack.Databreach, exposingAttack.Databreachphotos of children and parents as well as chat logs . The profile data leaked included their names , genders and birth dates . Tip : Check to see if the manufacturer has had any cybersecurity issues in the past , and if so , how they responded . Alternatively , if the company is relatively new , your device is definitely at greater risk . The interactive toy has the ability to communicate and record conversations . Those conversations are sent to the company ’ s servers , analyzed and then stored in the cloud . The toy was criticized for spying on kids by recording their conversations . Through Wi-Fi , attackers can hijack the connection to spy on your children , stealAttack.Databreachpersonal information , and turn the microphone of the doll into a surveillance device . Tip : Since the device is Wi-Fi enabled , confirm if the device supports modern security protocols . If the device only uses WEP or WPA ( but not WPA2 ) security standards , it may be too risky to use . Those versions are older and over time have become almost entirely insecure from attack