Ransomware Hits Canadian Federal Contractor Bird Construction

Exploit: Ransomware
Company: Bird Construction
Industry: Construction
Source: https://www.cbc.ca/news/politics/ransomware-bird-construction-military-1.5434308

Questions have risen about how the Canadian Government performs business with organizations that may be susceptible to cyber attacks after a Toronto based construction company was hit with Ransomware in December 2019. Bird Construction, who has won millions of dollars of military and government contracts with the Canadian Government, had 60 GB of data stolen by an infamous cyber threat group.

According to reports, the threat group has published some of the data on the clear-web for anyone to access. The data exposed some highly sensitive information of a couple Bird employees’ records including their names, home addresses, phone numbers, banking info, social insurance numbers, tax forms, health numbers and even drug test results. This info is more than enough to fetch a large return on the Dark Web where bad actors can parlay the information into further cyber attacks on the individuals or complex identity fraud.

Company officials have not disclosed if Bird Construction has paid the ransom but they have detailed in reports that they are working with “…leading cyber security experts to restore access to the affected files.”

With 48 contracts worth over $406 million in previous work with the Department of National Defence, the big question was whether any of the government’s information was exposed. Initial reports are showing that this was thankfully not the case. As reported in CBC’s article, “…there are different levels of security clearance depending on whether a contractor has access to classified information,” further stating, “ A spokesperson for Public Services and Procurement Canada said the department is working to ensure all companies are properly vetted.”

Both the government and the public are asking for companies to have better cyber hygiene to ensure their data is safeguarded and protected from the threat of exposure. In Bird Construction’s case, the risk of compromise has been mitigated to its own data and employee information so far. However, not all cases end up this way and when it happens, not even the government has enough policies in place to deal with data breaches once their data is breached. Ultimately it comes down to the fact that human error reduction and employee awareness are still the front line of defences that we have against data breaches throughout the supply chain and from within each individual organization.

Protect Your Business Against Modern Cyber Threats

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.