The District of West Vancouver has issued a public warning after discovering malicious software on its website that potentially accessed years' worth of personal data.
The malware was found on a web server on WestVancouver.ca this month, and while the district said there's no evidence anyone's personal information was compromised, "the possibility of compromise cannot be definitively ruled out."
Anyone who used an online form to send personal details to the district between July 15, 2013 and Aug. 14, 2018 is potentially affected, according to an alert on the district website.
That includes people who used the "Contact Us" and "Request for Service" sections of the site, but also anyone who ordered recycling boxes, offered feedback on council initiatives, submitted an entry in a student video contest, or applied to be a volunteer.
"Examples of the personal information contained in these forms may include addresses, phone numbers, email addresses, and IP addresses," the district said.
West Vancouver has already deleted all personal data stored on its server and temporarily disabled all online forms as it works to implement stronger cybersecurity measures.
"Once we are assured that additional security measures put in place are effective, the forms will be enabled again on a limited basis. In the future, data will be removed from the web server on a regular basis," West Vancouver promised.
People who believe they submitted personal information to the website at some point since July 2013 are advised to "exercise caution if approached by unknown individuals," though the district maintains there is no clear indication their data was stolen.
