Bob Mackin (updated March 20)
ICBC spoiled St. Patrick’s Day for millions of British Columbians waiting to put some green back in their pockets.
That is when the basic insurance monopoly revealed that its pandemic rebate cheques are delayed because the printing and mailing contractor suffered a cyberattack.
theBreaker.news asked ICBC for the name of the contractor, but it did not provide that information on March 18.
Likewise, Solicitor General Mike Farnworth did not tell reporters the name of the company, although he said it was based in Kanata, Ont.
Since then, theBreaker.news has confirmed that ICBC awarded a $500,000 printing and mailing services contract on Nov. 5, 2020 to Docu-Link International dba Gilmore Doculink in suburban Ottawa.
The request for proposals said ICBC needed a supplier to print and mail the one-time Enhanced Care cheques and letters to 2.9 million customers. That means the pandemic rebates will be tied to the ongoing $3.3 million ad campaign promoting ICBC’s switch to no-fault insurance.
Gilmore’s website says it is based on a 463,000 square foot campus that includes a software development and IT infrastructure support company.
On March 19, at 7:51 p.m. Pacific time, parent company R.E. Gilmore Investments finally responded by way of a statement on the Canada Newswire service, admitting it had suffered a ransomware attack on March 12 — five days before ICBC’s vague news release.
Gilmore says it turned off its services, retained a cyber incident response firm and reported to authorities, including the federal Canadian Centre for Cyber Security. Gilmore says the majority of its services “came online early this week” and its contractor said its network is free of malware.
“Interactions with the threat actors earlier in the week gave us strong indications that they do not have any data in their possession,” the statement says. “While encouraged, Gilmore will nonetheless have its expert conduct a thorough investigation including, to determine how the hackers compromised its network.”
theBreaker.news confirmed that ICBC was notified by Gilmore about the incident on March 13.
The NDP government has not explained why it hired an out-of-province company or why it is not relying on direct deposit. The government has its own in-house mail production company, BC Mail Plus. ICBC’s list of suppliers for the year that ended March 31, 2020 showed $2,375,969 spent with BC Mail Plus.
Sending paper cheques, covering letters and envelopes by Canada Post seems to contravene the ideals of the NDP’s CleanBC climate change plan.
The cyberattack is the latest in a string of incidents bedevilling the befuddled NDP government.
ICBC supplier Craftsman Collision, LifeLabs, B.C. Pension Corporation, TransLink and even the B.C. Legislature have all suffered embarrassing privacy breaches in the last two years.
During the 2017 provincial election, John Horgan’s NDP made a promise that it has not fulfilled to enact mandatory privacy breach notification.
“We agree that mandatory breach notification would benefit the public by enhancing accountability and transparency, and helping to mitigate the serious fallouts of privacy breaches and as government we will take action,” the party told the B.C. Freedom of Information and Privacy Association. “We will consider best practices both across Canada and internationally for breach notifications in both the public and private sectors to determine a made-in-B.C. policy.”
Support theBreaker.news for as low as $2 a month on Patreon. Find out how. Click here.