Yellow Pages Canada, one of the leading companies in Canada that offers both online and print directory services, has recently reported a cyberattack that resulted in the loss of customer data. The attack was carried out by a hacking group called Black Basta, which has claimed responsibility for collecting personal information from around 300,000 users during the incident. Yellow Pages Canada has acknowledged the attack, stating that it occurred on or after March 15th, 2023.
Yellow Pages Group, which manages several online services including YP.ca, YellowPages.ca, and Canada411, has taken swift action to secure its networks and investigate the incident. Unfortunately, the Black Basta ransomware and extortion gang has claimed responsibility for the attack and has made sensitive documents and data available over the weekend. After analyzing Black Basta’s online post, sources have confirmed that the ransomware group leaked a sample of sensitive documents containing personal information. This information is now publicly available and could potentially harm the affected individuals.
Reports indicate that the breach at Yellow Pages Group impacted certain employee and business customer data, although the company has not disclosed the specific type of data that was affected by the cyberattack. Franco Sciannamblo, Senior VP and CFO, said “As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cybersecurity experts to contain the incident and ensure that we had secured our systems.”
Threat intelligence analyst, Dominic Alvieri, was the first to notice the cyberattack on the Yellow Pages Group. He discovered that the Black Basta ransomware gang was sharing information about the company on their data leak website. Upon further analysis of the post, it was confirmed that the ransomware group had indeed leaked a sample of sensitive documents that revealed personal information.
This is not the first time Black Basta has targeted a Canadian company. Last year, the group also targeted the Canadian food retail giant Sobeys, which caused IT issues and malfunctioning point-of-sale (POS) kiosks. Additionally, earlier this month, the group claimed responsibility for another cyberattack on Capita, a UK-based professional outsourcing provider. In this instance, the group threatened to sell the stolen data to interested buyers unless Capita paid the ransom.
It is becoming increasingly clear that cyberattacks are becoming more sophisticated and harder to prevent. Companies must remain vigilant and take the necessary measures to secure their networks and protect their customers' personal information. It is also important for individuals to monitor their personal information and take appropriate action if they suspect that their data has been compromised. As we continue to rely more and more on technology, it is crucial that we prioritize cybersecurity to protect ourselves and our businesses.