A cyber-attack has been launched against the Canadian directory publisher Yellow Pages Group, the company has revealed. The ransomware and extortion organization Black Basta exposed private documents and data over the weekend, claiming credit for the attack. The Yellow Pages Group, established in 1908, currently owns and runs the YP.ca and YellowPages.ca websites as well as the Canada411 online service.
Although directory services like Yellow Pages primarily gather and present public data, that does not mean they hold no private business or individual data. According to threat intelligence expert Dominic Alvieri, the Black Basta ransomware group shared information on Yellow Pages Group on its data breach website last week. After examining Black Basta’s online post, the media has confirmed that the ransomware gang has disclosed a sample of private documents.
These include, but are not limited to:
- ID documents that provide a person’s date of birth and address, such as passport and driving license scans
- Tax records that reveal Social Insurance Numbers (SIN)
- Sales and purchase agreements
- Spreadsheet titled “Accounts Receivable” dated February 28, 2023
- December 2022 budget and debt forecast
“Yellow Pages was recently the victim of a cyber attack,” Franco Sciannamblo, YP’s Senior Vice President Chief Financial Officer, confirmed in a statement. “As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cyber security experts to contain the incident and ensure that we had secured our systems.”
Based on its investigation so far, the company has cause to suspect that the unauthorized third party obtained specific personal information from servers housing personnel data for YP, along with restricted information about its corporate clients. It has informed the affected parties and reported the event to the pertinent privacy regulatory bodies. Nearly all of its services have now been restored.
Dates on the few stolen documents, particularly the most recent ones, indicate that the cyberattack occurred on or after March 15th, 2023. Earlier this month, Black Basta claimed responsibility for the cyberattack on Capita, a UK-based professional outsourcing business. The extortion ring threatened to sell stolen data to interested purchasers if Capita didn’t pay the ransom.
The Canadian grocery retailer Sobeys was hacked by Black Basta the previous year, resulting in IT problems and broken point-of-sale (POS) machines. Over the last year, the ransomware organization has sprung into action with lightning speed, occasionally listing many high-profile victims at once on its data leak page. Based on its bargaining strategies, cybersecurity professionals have hypothesized that Black Basta is a rebranded version of the Conti ransomware group.