Cybercrime has seen multiple threat actors throughout the years, perfecting their craft and targeting big companies all over the world. One group, in particular, has been quite active in the last couple of months, and that’s Black Basta. Now, its latest target is none other than Canada’s own – Yellow Pages.
The directory publisher owns several websites, and an attack on its systems means that the threat actors can harvest a lot of data, and so they did.
Over the weekend, Black Basta claimed responsibility for the attack and posted sensitive information and documents on its data leak website. How did this attack take place? What data does it include? Find out in the following article.
Black Basta – Flipping Through the Yellow Pages
When it comes to cyberattacks, we don’t hear that a lot occur in Canada. However, we do see some happening in the United States.
A couple of months ago, none other than Fubo TV – the popular US streaming service – was hit with a huge data breach that caused the channel to go dark minutes before the semi-final between “Morocco and France” took place during the world cup.
Another incident involved Cox Communication, which shows how services like these are considered beneficial targets for cybercriminals.
This brings us to Yellow Pages – a company that has been around since 1908, amassing a large empire of multiple websites such as YP.ca and YellowPages.ca websites, along with the Canada411 online service.
With so many services, Yellow Pages does have a lot of data to harvest. The breach saw the light when Dominic Alvieri spotted Yellow Pages Group’s data being provided on Black Basta’s data leak website:
Now, you’re probably wondering what data the post includes. Based on Bleeping Computer’s analysis, Black Basta leaked a sample of sensitive documents exposing personal information, including:
- ID documents (such as scans of passports and driver’s licenses) exposing people’s date of birth and address
- Tax documents—exposing Social Insurance Number (SIN)
- Sales and purchase agreements
- ‘Accounts Receivable’ spreadsheet dated February 28, 2023
- Budget and debt forecast dated December 2022
Moreover, the data also indicates that Black Basta managed to infiltrate Yellow Pages’ systems on or after March 15th, 2023. Franco Sciannamblo, YP’s Senior Vice President and Chief Financial Officer, confirmed the attack in the following statement:
“Yellow Pages was recently the victim of a cyber attack. As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cyber security experts to contain the incident and ensure that we had secured our systems.”
As a result, the company notified impacted individuals and reported to all appropriate privacy regulatory authorities regarding this incident. It also stated that all of its services have now been restored.
Black Basta Strikes Again – Sensitive Info Everywhere
As we mentioned, Black Basta has been around for quite some time now, targeting big companies for years. However, the ransomware group’s activity quickly catapulted into action over the past year.
This is quite concerning as these threat actors have been releasing data belonging to high-profile victims regularly.
The published data can have future effects, especially on the company’s customers. Other threat actors might take advantage of this and use the information in future attacks, particularly phishing ones. Stay aware!