#CyberFLASH: Canadian data breaches in 2015: Big firms weren’t the only targets


Of all the publicly-disclosed data or privacy breaches in this country in 2015, one topped them all by a wide margin: Ashley Madison.

With over 30 million records exposed from the dating site, a $578 million class action suit filed against parent Avid Life Media, the CEO resigning after his emails were published, the attack is easily one of the largest reported in Canadian history.

But it’s easy for infosec pros to sit back and think, ‘Thank Gawd my company isn’t such a big fat target.’ Instead, they should remember all of the smaller breaches that happened this year as a lesson that corporations and government departments aren’t the only targets. Here’s just three of them:

— A successful phishing attack in September against the Association of Professional Engineers and Geoscientists of Alberta (APEGA) yielded members’ names, email addresses and association ID numbers. The vehicle was an email supposedly from CEO Mark Flint. The association has 75,000 members, but it didn’t say how many names were exposed;

–This month a Calgary wine store had to pay $500 in Bitcoin to meet a ransomware demand or lose access to its database. According to the CBC, after paying the company an unofficial receipt thanking it for the involuntary “purchase;”

–Worried about insider threats? Here’s one you weren’t thinking about: Senior bureaucrats at British Columbia’s District of Saanich approved the installation of monitoring software on certain computers — including the mayor’s. Somehow he didn’t get told. Among other things, staff were afraid he might discover IT security shortcomings.

These are some of incidents involving better-known organizations:

–A Rogers Communications staffer was the victim of a phishing attack that led to the loss of a “small number” of business agreements, which included business name, address, phone number and pricing details of the corporate customers, but not personal or financial information;

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.