Ontario tax payers are now liable for 5 million more dollars after the cyber-insurance provider for the city denied claims about a February ransomware attack. The insurance stated that Hamilton knew in 2022 that MFA was required for their contract, but still didn't implement it in his company. The attack halted 80% of city systems and demanded 18.5 million dollars of ransom. Cybersecurity investigators brought in after the attack came to the conclusion that it was due to lack of leadership urgency that MFA was not fully implemented. Hamilton denied paying the ransom and has now spent 4 million dollars on recovery attempts and will spend 400 thousand more each month projected until late 2026 to try to salvage their system. One article stated that they would have saved millions by spending the few minutes it would have taken to use MFA.