Resource Center
Resource Center
Expert Insights and Tools for Fortifying Your Cyber Defense
Elevate your cybersecurity expertise and strengthen the security posture of your organization with expert guidance, industry best practices, and research insights from Enterprotect.
Yves Rocher Data Leak Impacts 2.5 Million Canadians
Globally operated cosmetics company, Yves Rocher, experienced a large scale data leak after an unprotected database exposed the personal information of millions of Canadian customers. Included in the data was company insights, future promotions, customer information and other valuable data that could all be used against the company by competitors and even bad actors. The compromised data also included employee credentials from a previous data breach where information could be modified or deleted. f
$7-$10K Ransom Request Refused by Municipal Ontario Government
On June 30th, hackers exploited a network vulnerability to access the government’s system infecting it with ransomware that cut off access to vital services. While many services were restored within days, government employees still cannot access their email accounts. Officials are refusing to pay the $7,000 to $10,000 ransom payment, and they are attempting to restore services using other measures
Well Prepared Boyd Group Hit By Ransomware Attack
An internal notification system detected a ransomware attack on June 27th, causing the company to shut down some of its services. Many of the company’s offices were able to continue operations uninterrupted, however, some locations were temporarily disabled, causing them to lose sales during that period. Fortunately, the company previously established a ransomware response policy that dictated immediate actions and prevented the malware from spreading further into their network.
Former Credit Union Employee Creates Data Breach Affecting 2.9 Million Customers
A former employee of the financial group, Desjardins, made off with personal data from millions of customers by accessing the company’s network. The breach entailed a significant amount of personally identifiable information that will surely impact both personal and business customers.
BEC Phishing Scam Tricks City into Transferring $530K
A recent email phishing attack was deployed against the City of Burlington, where hackers were able to successfully trick staff members into thinking that they were dealing with established city vendors. By not cluing in on time, the city sent $503,000 to a falsified bank account. The government is now working on updating and implementing new protocols to prevent incidents like this from happening in the future.
2,841 Patients Impacted by Phishing Attack
Hackers were able to gain access to thousands of patients’ information stored on an employee’s email account. The employee was tricked into submitting his credentials to the hackers via an email that was originally thought to be from the company’s IT department. Nova Scotia Health Authority took nearly a month to size up the details of the data that was compromised and still cannot verify the specific data exposure.
Thousands Impacted By Freedom Mobile Server Leak
Thousands of Freedom Mobile customers had their personal information compromised in an unencrypted database. Security researchers found that the database was without a password and written in plain text. Information included: customers’ email addresses, phone numbers, home addresses, dates of birth, account numbers and IP addresses. Financial information was also found on the server, including: credit card numbers, security codes and credit scores.
Ransomware Leaves Mitsubishi Aerospace Without Internet and Network Access
“Your network has been penetrated. You will receive a BTC address for payment.” This was the daunting message notifying the employees at Mitsubishi Canada Aerospace after a ransomware attack took hold of their network. Reports state that the company’s manufacturing capabilities are unaffected thus far, however, the company’s facilities have been without internet service since the attack.
8,000 People Warned After BC Pension Plan Data Leak
Approximately 8,000 members of the BC College Pension Plan have received notifications that their information may be at risk of exposure after a data breach was discovered. After moving offices earlier this year, the BC Pension Corporation noticed one box was unaccounted for. Contents of the box included personal information of members who worked from 1982-1997. After being unable to track the location of the box, the company played it safe and declared a data breach.
Small Risk, High Costs After Ransomware hits CIRA Parking Garage
A ransomware attack was able to penetrate the system of the CIRA parking garage, allowing anyone to enter without security clearance and to essentially park for free. The attack lasted two days as systems were without backups and the entire system had to be restored. Operated by a private company, Precise ParkLink, CIRA said they have no knowledge of the cyber security measures at the parking company. Because the systems are not connected, the ransomware did not affect any of CIRA’s systems.
Alberta Patients Warned After Data Breach Exposes Medical Info
A data breach to Natural Health Services in Calgary exposed the personal information of an unknown number of clients. Some time between December 4, 2018, and January 7, 2019, attackers were able to gain access to the electronic medical records (EMR) system of Natural Health Services. Exposed files contained personal health information including Medical Diagnoses and Referral Data.
Richmond, BC Facility’s System Shutdown in Lieu of Ransom Payment
With a major disruption to operations, the trickle down affect of a recent breach to Container World has many crippling implications to their organization and smaller customer base alike.
40K Canadians Potentially Impacted By Lost Gov’t Employee Laptop
Last May, a government employee’s laptop containing thousands of personal files, including sensitive health information., was stolen out of a car. The theft resulted in a severe privacy breach that is estimated to affect up to 40,000 Canadian citizens. Officials have turned their eyes on inadequate privacy training as the primary issue stating that managers have been instructed to delete sensitive data after use. Next steps in remediation will now include a list of new privacy initiatives and protocol to be implemented by 2020, incurring large investments of time and money.
14.8 Million Accounts Exposed In 500px Data Breach
Over half a year later, online photo sharing platform, 500px, has reported that their servers were hacked in July 2018. At first glance, the extreme delay in communications is a highly questionable move but the company has reported that it just gained knowledge of the attack earlier this month. Fears of credential stuffing, identity fraud and further targeted attacks for those affected by the breach have set in as months have gone by without any monitoring of their credentials or accounts.
CarePartners Ransomware Attack: $60K Bitcoin Demand Threatens Data Exposure
In June of 2018, Ontario-based healthcare provider, CarePartners, was victimized by a ransomware attack. The financial organization is still facing critical fallout from the attack as attackers are threatening to expose stolen employee information in what is referred to as a “data dump.” Information, including: Employee Earnings, Contractor Details, Names, Addresses, Social Insurance Numbers and Wages is all being threatened to be exposed unless the company pays hackers the requested amount of 5 bitcoins (equivalent to $60,000) for the decryption key.
Thousands of Canadians Affected As CRA Employees Caught Snooping
After initially investing $10M on prevention in 2017, the CRA is now having to augment spending as an internal breach has exposed records of over 41,000 Canadian tax payers. Thousands of Canadians had their personal and tax information compromised by CRA employees who were caught inappropriately accessing files. In total 264 workers were reprimanded, 182 faced disciplinary actions, 36 await a pending decision and 46 have left the organization.
$100’s of Thousands Stolen as Coast Capital Members Targeted In Phishing Ring
A ring of phishing scams targeted banking customers at Coast Capital Savings. A reported 140 members had thousands of dollars stolen from their accounts in the attacks that spanned from November to December of last year. On average victims lost $3,000-$6,000 with the total figure in the hundreds of thousands of dollars range. Public concerns have risen as the financial institution is unsure of how the funds were accessed or even if victims will be reimbursed.