Yukon Ombudsman Yukon Information and Privacy Commissioner Yukon Public Interest Disclosure Commissioner

Yukon Information and Privacy Commissioner

Yukon Information & Privacy Commissioner issues advisory on recent security threat to users of Java

Tue, Dec 21, 2021

WHITEHORSE – The Yukon Information and Privacy Commissioner (IPC), Diane McLeod-McKay, has issued an advisory to assist Yukon organizations in learning about a recent security threat. A security issue has arisen recently which could affect users of a logging utility in the Java programming language. Her advisory is specifically aimed at helping custodians, set out in the Health Information Privacy and Management Act (HIPMA), and public bodies, set out in the Access to Information and Protection of Privacy Act (ATIPPA).

The threat is serious enough that many experts have been describing it as having “set the internet on fire.”

“Custodians and public bodies in the Yukon are legally obligated to protect the personal health information or personal information that they hold,” said McLeod-McKay. “The recent security threat has the potential to put this information at risk of unauthorized access or theft, or could make the information unavailable to the organizations that hold it.  Because some organizations may not be aware of this threat, we are providing some information to help them learn about it and about ways to mitigate the risks of a breach.”

Earlier this month, the Apache Software Foundation issued an advisory regarding a vulnerability on Log4j, a logging utility written in the Java programming language, which is widely used. There have already been reports of exploitation, data theft and ransomware attacks as a result of this security issue.

View our advisory for custodians and public bodies regarding the Log4j vulnerability here.

“We highly recommend that custodians and public bodies read our advisory, and then work with their IT department or IT service provider to reduce as soon as possible the risks of a breach to the personal health information and personal information that they hold,” added McLeod-McKay. “They should also be aware of their duty under law to report any breaches of personal health information or personal information to the individuals affected and to my office if there is a risk of significant harm as a result of the breach.”

The Ombudsman, Information and Privacy Commissioner, and Public Interest Disclosure Commissioner is an independent officer of the Yukon Legislative Assembly. For more information, please go to www.yukonombudsman.ca.

To download a PDF of this news release, click here.


Elaine Schiman
Communications Manager
Office of the Yukon Ombudsman, Information and Privacy Commissioner & Public Interest Disclosure Commissioner

Follow us on Twitter