Albertans' personal data up for sale after hackers extort health company
Personal information belonging to Albertans has been leaked online and posted for sale after a health care company was hacked, CTV News has learned.
Ontario-based Homewood Health told CTV News it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including several in Alberta as well as in B.C. and Ontario.
It's not clear how many Albertans were affected by the breach.
CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."
The data appeared to draw hundreds of bids from prospective buyers.
"An investigation is currently underway and actively involves external cybersecurity and privacy experts working in consultation with law enforcement and provincial privacy authorities," reads a statement from Homewood Health.
"These experts are working diligently to understand how the information was obtained and what information has been affected."
Alberta's Workers' Compensation Board and the City of Spruce Grove told CTV News they were among those affected by the leak.
"We are still confirming the extent of the breach, but understand it includes information supplied by WCB-Alberta employees who accessed support from their employee and family assistance program," reads a statement from WCB-Alberta, noting an investigation is ongoing.
"We have been assured that the provider is taking the appropriate steps to investigate and respond."
The City of Spruce Grove says it was informed Friday morning that it was affected by the breach.
"The information accessed was general in nature about the City and not related to personal information," reads a statement from the city.
Homewood Health says it will be notifying those affected by the breach but wouldn't specify how many people that would be.
It previously told CTV News Vancouver that state-sponsored Chinese hackers Hafnium, who victimized thousands of companies earlier this year, were likely behind the breach.
The Office of the Information and Privacy Commissioner of Alberta says it was initially unaware of the breach but has since been in contact with Homewood Health and is awaiting an official report.
'LEAKED DATA MARKETPLACE'
Marketo, which has the same name as an online marketing company by Adobe but bears no connection, calls itself a “leaked data marketplace” but it’s perhaps more accurate to describe it as an online clearinghouse for stolen information.
The first and most prominent listing currently on its website is for Homewood Health, and it showed nearly 300 bids have purportedly been made for the information so far.
When CTV News contacted the site, a representative countered Homewood’s description of events, insisting they researched the weaknesses of Homewood Health and other companies and attacked them directly, insisting they did not acquire the data as part of the Hafnium hack.
“I got to say it right away that we just sell company data. We do not have the intention to harm customers or clients of this company,” wrote a spokesperson identifying themselves as Mannus Gott. “If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”
They say on Thursday, some of the data will be sold and the rest will be published.
A Homewood Health representative told CTV News Vancouver the hackers had tried to extort the company over the information, characterizing it as a “dark web” scheme, but the Marketo website can be accessed by anyone with an internet connection.
“This isn't only on the dark web, Marketo group's site exists on the clear web too, so it's very easily accessed," explained online threat analyst Brett Callow, who works for Emsisoft on Vancouver Island.
“These types of incidents are extremely common and there are about 2,500 organizations that have had their data stolen and published on sites like this -- and that just within the last couple of years."
With files from Penny Daflos
CTVNews.ca Top Stories
'A step forward': New screening criteria for sperm donors takes effect
Canadians looking to grow their families with the assistance of sperm or egg donations should soon have more options for donors as the federal health agency does away with longstanding restrictions criticized as discriminatory.
Ontario Provincial Police arrest 64 suspects in child sexual exploitation investigation
Ontario Provincial Police say 64 suspects are facing a combined 348 charges in connection with a series of child sexual exploitation investigations that spanned the province.
U.S. presidential candidate RFK Jr. had a brain worm, has recovered, campaign says
Independent U.S. presidential candidate Robert F. Kennedy Jr. had a parasite in his head more than a decade ago, but has fully recovered, his campaign said, after the New York Times reported about the ailment.
What is whooping cough and should Canadians be concerned as Europe declares outbreak?
There is currently a whooping cough epidemic in Europe, with 10 times as many cases compared to the previous two years. While an outbreak has not been declared nationwide in Canada, whooping cough is regularly detected in the country.
Pfizer agrees to settle more than 10K lawsuits over Zantac cancer risk: Bloomberg News
Pfizer has agreed to settle more than 10,000 lawsuits about cancer risks related to the now discontinued heartburn drug Zantac, Bloomberg News reported on Wednesday, citing people familiar with the deal.
Case against ex-Mountie charged with helping China can go ahead in Quebec, judge says
A Quebec court judge has ruled that the case against a former RCMP officer charged with helping China conduct foreign interference can go ahead in the province.
Steve Albini, legendary producer for Nirvana, the Pixies and an alternative rock pioneer, dies at 61
Steve Albini, an alternative rock pioneer and legendary producer who shaped the musical landscape through his work with Nirvana, the Pixies, PJ Harvey and more, has died. He was 61.
Ippei Mizuhara, ex-interpreter for baseball star Shohei Ohtani, will plead guilty in betting case
The former interpreter for Los Angeles Dodgers star Shohei Ohtani has agreed to plead guilty to bank and tax fraud in a sports betting case in which prosecutors allege he stole nearly US$17 million from the Japanese baseball player to pay off debts, federal prosecutors said Wednesday.
Watch fighter jet pilots pummel fake enemy ship off coast of Philippines
The United States and Philippines held annual joint-training drills just off the Southeast Asian nation’s western coast on Wednesday. Military forces sunk a 'mock' enemy warship – the BRP Lake Caliraya, which was a decommissioned tanker made in China.