Confidential data stolen | Hackers claim responsibility for Yellow Pages cyberattack

Hacking group Black Basta claimed responsibility for a cyberattack on the Yellow Pages on Saturday. Copies of passports, RAMQ cards, statements of account and driver’s license: The Press found on the hidden web samples of stolen confidential information, in particular from Quebecers.




This alleged cyberattack follows a classic ransomware modus operandi, meaning that the gang unveiled samples of the stolen data online on its hidden web blog to put pressure on the targeted company.

In this case, it’s the Yellow Pages, this directory that brings together the information of thousands of Canadian businesses and consumers.

The extent of the information leak is not known.

At the time of this publication, the Yellow Pages had not responded to an emailed request from The Press. On Saturday, a call to the Yellow Pages customer service number ended with the message: “communication could not be established”. The general company number hung up automatically.

At the beginning of April, the Canada 411 website had been inaccessible for a few days, had been able to observe The Press. THE Montreal Journalin an article published on April 7, attributed the outages to a ransomware cyberattack, according to a source familiar with the matter.

“During these hacks, a lot of personal information is exfiltrated. They are trading techniques, because not all the information is published, just a small sample, explains Karim Ganame, head of cybersecurity at Streamscan. The goal is to increase the pressure on the victim. And if nothing is done, all the information will be exfiltrated. »

Sensitive information stolen

On the hidden web, Black Basta published samples of very sensitive information on several people, including Quebecers. Included are copies of Canadian passports, Quebec and British Columbia driver’s licenses, Régie de l’assurance- maladie du Québec (RAMQ) cards, and a tax return containing the individual’s social insurance.

According to our information, some of this data could be linked to employees or ex-employees of the company. The Yellow Pages employ approximately 700 people nationwide.


SCREENSHOT THE PRESS

Copies of confidential documents released by Black Basta

The names of a few companies, anonymized statements of account and the sales contract of an Ontario company are also disclosed.

Copies of a series of bills from restaurants located at the same address as the Yellow Pages in Montreal, rue Richardson, have also been made public.

“What is surprising is that this type of data is not adequately protected,” says Mr. Ganame. When it comes to data protection, companies [au Canada] are quite late, he adds. We collect the data, we store it on the systems, but we put in place very few measures to [les protéger]. »

We were able to get in touch with a person whose data was leaked. She preferred not to speak publicly until she secured her information. She confirmed to us that she had not been notified by the Yellow Pages of the situation.

Claimed attack

On Friday evening, the cyberattack monitoring group BetterCyber ​​posted an alert on Twitter about this attack claimed by Black Basta.

“#BlackBasta#ransomware claims to have #hacked Yellow Pages Canada,” the Tweet read.

Although directly challenged on Twitter, Yellow Pages (the Yellow Pages) did not respond publicly on the social network on Saturday.

“Getting hacked is taboo in general, but it’s not something exceptional,” notes Mr. Ganame. However, a company well prepared for this type of attack would have, according to him, a plan to inform the people affected by the information leak.

“By default, the Yellow Pages should consider that all internal data has been affected,” adds the expert. People at risk should be alerted, as should the Commission d’accès à l’information.

Companies have not yet grasped the magnitude of the threats posed by cyberattacks, also deplores Mr. Ganame. “They must act, they must consider that the threat is there, and they have an interest in deploying the right tools. »

Black Basta is an active ransomware gang. On April 20, the London-based business services giant Capita confirmed that it had been the victim of a cyberattack on its part, according to the Bleeping Computer site. About 4% of Capita’s server infrastructure was reportedly affected.

It was also Black Basta who, in November 2022, attacked the Empire group, which notably operates IGA supermarkets.

With information from Hugo Joncas, The Press

What about Law 25 in all this?

Law 25 on cybersecurity, passed last September, should ultimately better protect citizens in cases of hacking like this. But all is not won, according to cybersecurity expert Steve Waterhouse. The alleged cyberattack against the Yellow Pages “is a typical case to study the full scope of information leaks and the organization’s liability”, he said. “If I make a comparison with Europe, over there, they have an obligation to report such an event within 72 hours. Here it is as soon as possible. It’s a big distinction. »

“This is another fine example of security by obscurity – an outdated way of doing things that no longer has a place in 2023 and beyond,” Mr. Waterhouse also wrote on Twitter. Transparency is key, because once the data has [fuité], they are unrecoverable. »

Learn more

  • 125,000
    Number of Canadian businesses that use Yellow Pages services

    75.6%
    Yellow Pages revenue that comes from digital

    Yellow Pages website


source site-63

Latest