Thank you to the entire swimming community for your support and patience as we continue to assess the scope and nature of the recent third-party cybersecurity incident’s impact on our registration system.
First off, a big thank you to the provincial sections who have been working closely with us to develop operational plans. Swim meets have continued to happen as we have worked with our partners to implement procedures and processes including interim meet entry, meet sanctioning and results processing. We are also working on developing interim registration processes for new members and swimmer upgrades, and identifying what can be done within the Learning Management System (LMS) for coach and officials education.
Here is what we know about the scope and nature of the incident thus far:
- On Jan. 16, we discovered a cybersecurity incident affecting a third-party service provider that hosts some of Swimming Canada’s data. The hosted data includes personal profiles of members, coaches and officials as well as historical results from competitive events. It did not include any financial information such as credit card details; Swimming Canada does not store this type of data.
- Upon detection of this incident, we undertook immediate measures to verify the integrity of Swimming Canada’s network. We engaged a leading cybersecurity forensic investigator and external counsel to assist in the investigation and recovery from this incident.
- The incident appears to have been limited to the third-party service provider’s network. There is no indication that Swimming Canada’s network was compromised.
- We understand that our service provider’s investigation is ongoing, as is the investigation we are conducting on our own infrastructure. We have no evidence to suggest that any personal information has been accessed. If that understanding changes as we gain further insight into this matter, we will alert affected individuals as soon as possible.
- We have reported the incident to the RCMP’s National Cybercrime Coordination Centre and the Canadian Centre for Cyber Security.
- We have had multiple communication touchpoints with our provincial section leaders, and made a short public statement as we continued to assess the situation.
- All of Swimming Canada’s data up to Sept. 20, 2022 has been recovered through a back-up.
- We have created an email address to help answer questions regarding the cybersecurity incident and any privacy concerns of our members: [email protected]. (Response times are estimated at 48 hours.)
Having access to the backup is good news. We still have work to do to restore our systems to full functionality. We will continue working closely with the provincial sections to develop interim operational processes to keep our business and sport moving forward, while working to update the data in our systems as quickly as possible. We will continue to share information with the community as it becomes available.
This event was unexpected and caused a significant impact to our operations, but this is not the first time we’ve managed a crisis working together with our partners. Not too long ago the global COVID-19 pandemic essentially halted our operations almost overnight. We found a way to come out the other side more resilient than we were before, and we believe the same story will unfold here. Throughout this past week we have once again seen the resilience of our community as we have collaborated with our provincial partners to implement new plans and make sure swim meets keep running across the country.
We will continue to work together and we will once again come out of this stronger than ever.
Ahmed El-Awadi, CEO