Billing database compromised in QEC cyberattack, says VP
Corporation continues to urge customers to monitor financial accounts out of ‘abundance of caution,’ says VP of operations
The cyberattack against Qulliq Energy Corporation last week targeted a number of the corporation’s databases, including payment processing.
Bill Nippard, QEC vice-president of operations and engineering, provided some new information about the attack and subsequent investigation to Nunatsiaq News Monday.
The energy corporation, which supplies power to Nunavut’s 25 communities, announced Jan. 19 that it was the target of a cyberattack earlier that week.
Investigators still have not determined whether QEC customers’ financial information has been compromised and the corporation is still urging customers to monitor their financial accounts for unusual activity and consider changing their passwords.
“This all out of an abundance of caution,” said Nippard.
Power plants in the territory continue to run as normal.
What was attacked was the information technology side of QEC, said Nippard, such as databases for timesheets, payment processing and emails.
An employee discovered the problem when they tried to send documents to a vendor. When the emails didn’t send, the system seemed to be acting strangely.
That employee called the information technology help desk, who began to look into the issue.
“And that’s when they shut everything down,” Nippard said.
QEC is continuing its normal business, but the compromised systems are being managed manually for now.
“It’s inconvenient, obviously,” Nippard said.
In a news release last week, QEC said it has brought in cybersecurity experts and the Government of Nunavut’s information technology teams to determine the scope of the attack.
A full report on the attack will be provided to the QEC once the investigation is finished, Nippard said.
He told Nunatsiaq News he is not sure how long the investigation will take and he wouldn’t add any more detail, citing security concerns.
Other government bodies involved in investigating the QEC’s cyberattack include the Government of Nunavut, federal government and the RCMP.
When asked why he thinks QEC was targeted, Nippard said cyberattacks have become a worldwide phenomenon.
“We’re just the latest in a long line of companies that have been attacked by cyber criminals,” he said.