5 Famous Cybersecurity Attacks In Canada
Cyber-attacks seem to be dominating headlines in many countries, and it isn’t any different in Canada. These attacks didn’t just start recently as they have been on for several years. Bad actors have always victimized Canadian organizations with the intent of stealing personal information. There have been many reported data breaches over the years, but some of these incidents have become very popular and almost unforgettable. Here are 5 of the most famous cybersecurity attacks in Canada.
First on the list is the cyber-security attack on Lifelabs, a company widely known to be the largest medical lab diagnostic service provider in Canada. It is reported to be the worst case of a data breach – not only in the last decade but also in the entire history of the country in terms of personal record count.
Although the attack occurred in October 2019 and was discovered by Lifelabs on November 1, the public did not become aware of the data breach until December 17. The attack targeted customer information, and data that was stolen included names, addresses, emails, patient login passwords, date of birth, and health-card numbers.
The company failed to protect the personal health information of 15 million Canadian residents while confirming that 85,000 customers’ lab test results dated 2016 and earlier were also stolen. The majority of the affected Canadians were in Ontario and British Columbia. Lifelabs, however, disclosed that it wasn’t sure how many of the files were accessed during the breach.
The testing giant hired a team of cybersecurity experts to fix the system issues while it paid a ransom to retrieve the stolen data from the threat actors.
One of the earliest data breaches was carried out by Michael Calce (better known as Mafiaboy). A high school student from Quebec, Calce was a 15-year old who brought down the websites of some of the world’s largest e-commerce companies in 2000. Some of the companies he shut down include Amazon, CNN, eBay, and Yahoo.
Mafiaboy unleashed a series of Denial of Service (DOS) attacks on the large sites, which shut down Yahoo for one hour, and the success moved him to bring down other sites like eBay, Amazon, and CNN, causing an estimated $1.7 billion in losses for the collective group.
The incident sent shockwaves around the world so much so that the US market was impacted by it as the hack frightened shoppers and changed the way the public thought about online safety.
He was eventually caught, but because he was still a juvenile, he was sentenced to eight months in a group home.
3. Chartered Professional Accountants of Canada
On June 4, the Chartered Professional Accountants (CPA Canada) disclosed that a cyber-attack on its website allowed unauthorized third parties to obtain the personal information of more than 330,000 of its members and stakeholders.
Although the website was attacked between November 30, 2019, and May 1, 2020, CPA didn’t learn of the data breach until April 20. The compromised information predominantly related to the distribution of Pivot, CPA Canada’s member magazine, and this includes names, addresses, email addresses, and employer names.
However, passwords and credit card numbers were safe from the bad actors as they were protected by encryption. After discovering the theft, the organization said it had beefed up its security measures and warned affected members to remain vigilant about any emails they may receive asking them to provide sensitive information or click links.
4. Desjardins group
Last year, Desjardins Group was the victim of a massive data breach that affected all of its 4.2 million members. Initially, the Quebec-based financial institution had announced that the personal information of nearly three million members was shared with a third-party by an employee, but further investigation showed that more people were affected.
According to Desjardins, the cyber-security attack affected banking members in both Quebec and Ontario, and the information compromised involved names, addresses, birth dates, social insurance numbers, email addresses, and even data on transaction habits. However, the leaked information didn’t include passwords, identification, and secret codes.
Although there was a delay in discovering the data theft and the scope of the attack, a statement from the insurance co-operative claimed it managed the incident well and that its response was satisfactory. The employee, a man who was not publicly identified, was fired and subsequently arrested by the police.
Despite the attack, Desjardins said it did not record a rise in fraud cases before, and after the announcement of the privacy breach was made. Desjardins is the largest federation of credit unions in North America, making this data breach one of the largest among Canadian financial institutions.
5. Capital one
In one of the largest-ever thefts of bank data, a software engineer hacked into a server and stole millions of consumer applications for credit from Capital One. The hack exposed the personal information of more than 100 million Americans and six million Canadians.
According to Capital One, the data breach, which occurred on March 22 and 23, 2019, resulted in the hacker gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers of secured credit card customers – reportedly from 2005 to 2019.
Among the personal data exposed were names, addresses, credit scores, credit limits, balances, transaction data, and other information. However, the company said no credit card account numbers or login credentials of the Canadian credit card customers and applicants were revealed in the hack.
The suspect, Paige Thompson, was tracked to Seattle and apprehended before she was able to share the information with others online. The 33-year old formerly worked as a tech company software engineer for Amazon (AMZN) Web Services.
With the rising spate of cybersecurity attacks in Canada, it is important for organizations and individuals alike to put measures in place to avoid being a victim of the next attack. Every company needs to start paying attention to huge cybersecurity threats out there so they can protect the sensitive data in their care.