The City of Abbotsford, British Columbia discovered on July 16, 2013 that residents' names, addresses, bank account numbers and passwords may have been inappropriately accessed (h/t DataBreaches.net).
More than 10,000 letters [PDF] were sent to residents stating that "unauthorized access to data may have occurred through software used to run our online Web services."
For customers who pay property taxes through automatic withdrawal, names, addresses and bank account numbers may have been accessed. My City Online users' passwords may have been exposed. Additionally, all property tax and utility billing data, property ownership, homeowner grants, dog license information and bylaw information and complaints may have been exposed.
City manager George Murray told the Abbotsford Times that a security consultant hired by the city believes the data was targeted for use in phishing.
The city says no credit card or debit card information was accessed, and the city's systems don't store residents' Social Insurance Numbers or driver's license information.
"The security flaw has been addressed and most of the City's online services have already been restored," city director of legislative services Bill Flitton wrote in the notification letter [PDF]. "City of Abbotsford is contacting residents to reassure them that every precaution has been made to protect their information."