Unknown number of British Columbians' personal information for sale online after health company extorted
VANCOUVER -
CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider.
Homewood Health, headquartered in Ontario with services and contracts across Canada, acknowledges it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority.
CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."
There appear to be hundreds of bids from prospective buyers.
“With the assistance of cybersecurity experts, we have been working diligently to understand how the information was obtained and what information has been affected,” wrote a Homewood Health spokesperson, blaming the breach on state-sponsored Chinese hackers, called Hafnium, who victimized thousands of companies earlier this year. “To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems.”
The company would not estimate how many people’s information could be compromised, insisting while they were notifying affected individuals as quickly as possible, “this process will take time.” They provide services ranging from career and family counselling, to mental health and addiction support and operate retreats for extended stays.
B.C. AGENCIES NOTIFIED OF DATA BREACH
BC Housing appears to be the agency most impacted thus far.
Personal information of hundreds of employees has already been leaked online as a “teaser” or sample of the kind of material the hackers possess, which the provide to try and verify the authenticity and value of the rest of the data package.
“We are very concerned that Homewood Health documents containing the personal information of our employees, and potentially their family members, have been compromised in a data incident,” wrote a spokesperson. “It is Homewood Health that was breached, and they must take steps to protect all those involved.”
The agency, which is focused on providing and running affordable and supportive housing, goes on to say that it's still waiting for critical information from Homewood Health, including how many people and how much information could be involved – and what kind of supports it will be providing for impacted employees.
The sample package also includes a contract between Homewood and TransLink, plus a document updating a previous agreement with BC Clinical Support Services, which is overseen by PHSA.
“We have been in communication with Homewood Health and they have assured us that there was no PHSA employee/patient information included in the breach they are managing,” wrote a spokesperson. “This contains purely contractual information and does not contain any personal information.”
TransLink said it was aware of the information for sale.
“This agreement does not contain any personal information of employees of TransLink or any of its subsidiaries,” it said in an email. “We have since been in contact with Homewood Health, and given that this is their active investigation, we will direct all questions to them."
A Homewood Health representative said the hackers had tried to extort the company over the information, characterizing it as a “dark web” scheme, but the Marketo website can be accessed by anyone with an internet connection.
“This isn't only on the dark web, Marketo group's site exists on the clear web too, so it's very easily accessed," explained online threat analyst Brett Callow, who works for Emsisoft on Vancouver Island. “These types of incidents are extremely common and there are about 2,500 organizations that have had their data stolen and published on sites like this -- and that just within the last couple of years."
THE HACKERS SPEAK UP
Marketo, which has the same name as an online marketing company by Adobe but bears no connection, calls itself a “leaked data marketplace” but it’s perhaps more accurate to describe it as an online clearinghouse for stolen information. The first and most prominent listing currently on its website is for Homewood Health, and it shows that 289 bids have purportedly been made for the information so far.
When CTV News contacted the site, a representative countered Homewood’s description of events, insisting they researched the weaknesses of Homewood Health and other companies and attacked them directly, insisting they did not acquire the data as part of the Hafnium hack.
“I got to say it right away that we just sell company data. We do not have the intention to harm customers or clients of this company,” wrote a spokesperson identifying themselves as Mannus Gott. “If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”
They say on Thursday, some of the data will be sold and the rest will be published.
Homewood says it has contacted police and has hired its own investigators and experts to advise them.
THE VICTIMS
While extortion and blackmail of companies facing data breaches has become more and more common, it can be shocking and stressful for individuals caught up in the scheme.
"They should be reasonably concerned,” said Callow, suggesting they contact their banks to warn them if notified by Homewood. “The data that's out there could potentially be used for data theft and given the type of information Homewood may own, it could potentially be used to blackmail individuals as well, or attempt to."
Callow pointed out companies that’ve been breached will typically pay for customers to have monitoring in place after such a breach, adding this should be a reminder for individuals, companies and other organizations to take the utmost care in safeguarding their information, including using patches, updates and opting for multi-factor authentication whenever available.
CTVNews.ca Top Stories
Singh 'not satisfied' with confidence-and-supply agreement, says he'd do a better job as PM
NDP Leader Jagmeet Singh says he's 'not satisfied' with his party's confidence-and-supply agreement with the Liberals — signed a year ago this week — because it's shown him he could do a better job running the country than the current government.
Ukraine demands emergency UN meeting over Putin nuclear plan
Ukraine's government on Sunday called for an emergency meeting of the UN Security Council to 'counter the Kremlin's nuclear blackmail' after Russian President Vladimir Putin revealed plans to station tactical atomic weapons in Belarus.
Risk of a hard landing for Canadian economy is up, former Bank of Canada governor says
Former Bank of Canada governor Stephen Poloz says Canada’s economy is at a greater risk of a 'hard landing' — a rapid economic slowdown following a period of growth and approaching a recession.
Millennials dominate insolvencies as credit card, student loan, CERB tax debts add up
Insolvency trustee Doug Hoyes says millennial Canadians have been dealt a generational losing hand as they face student loans layered with bad debts from credit cards, high-interest loans, and post-pandemic tax debt from collecting CERB.
Canadians view own country favourably but many unsure about Canada's system of government: survey
A recent study by the Angus Reid Institute found Canadians view their country more positively than Americans do, but only a slight majority of people in Canada believe their system of government is good.
Jonathan Majors arrested on assault charge in New York
The actor Jonathan Majors was arrested Saturday in New York on charges of strangulation, assault and harassment, authorities said.
Officials: 2 dead, 5 missing in chocolate factory explosion
An explosion at a chocolate factory in Pennsylvania on Friday killed two people and left five people missing, authorities said. One person was pulled from the rubble overnight.
'Horrible, horrible deals': Trump criticizes Biden's visit to Canada
Former U.S. president Donald Trump shared his disdain for Joe Biden's visit to Canada, saying Prime Minister Justin Trudeau treats the U.S. ‘horribly’ on trade issues.
Declining suicide rates in Europe may be linked to increased preventative initiatives: report
Within the last decade the total suicide rate among European nations have decreased, according to a new report that says increased suicide prevention initiatives may have helped bring down this death rate.
Vancouver Island
-
Vancouver Island farmers struggle to deal with threatened elk species
Farmers in the Cowichan Valley are losing crops and dealing with property and field damage caused by Roosevelt Elk, which have become a regular fixture on some farms in the area.
-
Victoria police say repeat offender wanted again
Victoria police are once again looking for William Watts, who they describe as "a high risk to reoffend."
-
Lack of staff leads to more BC Ferries cancellations
BC Ferries cancelled several sailings because of a lack of crew Saturday, including two trips between Greater Victoria and the Lower Mainland.
Calgary
-
‘Beef for Biden’: Alberta favourite featured on dinner menu for presidential visit to Ottawa
Prime Minister Justin Trudeau and United States President Joe Biden shared dinner together for the first time Friday evening in Ottawa and a world-renowned Alberta favourite was included on the menu.
-
Ukraine demands emergency UN meeting over Putin nuclear plan
Ukraine's government on Sunday called for an emergency meeting of the UN Security Council to 'counter the Kremlin's nuclear blackmail' after Russian President Vladimir Putin revealed plans to station tactical atomic weapons in Belarus.
-
Roughnecks sweep season series against Saskatchewan with 14-6 victory
The Calgary Roughnecks made it a season sweep of Saskatchewan, defeating the Rush 14-6 Saturday night at Sasktel Centre in Saskatoon.
Edmonton
-
Fundraiser to support respite, camp programs offered by Children's Autism Services of Edmonton
For the second year in a row, a local salon is leading an autism fundraising and awareness campaign.
-
Ukrainian newcomers taught about Canadian rights, rules to protect themselves
An information session for Ukrainian newcomers about their legal rights and regulations in Canada was held at MacEwan University on Saturday.
-
'There's nothing left': Deep South tornadoes kill 26
Rescuers raced Saturday to search for survivors and help hundreds of people left homeless after a powerful tornado cut a devastating path through Mississippi, killing at least 25 people, injuring dozens, and flattening entire blocks as it carved a path of destruction for more than an hour. One person was killed in Alabama.
Toronto
-
Ontario woman's lost wedding dress found by thrift store volunteer after ‘long shot’ search
After making a 'long shot' plea to the public this weekend, a woman in southern Ontario has found her lost wedding dress, mistakenly donated by her father earlier this year.
-
Thousands of customers remain without power in Ontario following windstorm
More than 10,000 customers remain without power in Ontario today after strong winds hit the southern and eastern parts of the province on Saturday.
-
Male dead following stabbing at Toronto subway station
A male victim has died in hospital after being stabbed late Saturday night inside Keele subway station.
Montreal
-
Montreal police confirm fifth body found in rubble of historic building fire
Montreal police say a fifth body has been extracted from the rubble of a heritage building that caught fire nine days ago, leaving two others still missing.
-
Thousands of Hydro-Quebec customers without power Sunday morning
Over 33,000 Hydro-Quebec customers were without power as of 7:20 a.m. Sunday. By 9:30 a.m., the number had lowered to just over 25,000.
-
Quebec should tax gas-guzzlers to reverse SUV trend, says environmental group
Quebecers aren't using their sport utility vehicles (SUVs) to their full capacities, a recent study found, with just 38 per cent of owners utilizing their vehicle's entire cargo space at least once a week, and nearly three-quarters never using their SUV to pull a load.
Winnipeg
-
Community group needs help clearing Winnipeg streets of litter
With the spring weather thawing out the city, Winnipeggers are noticing something being left behind by the disappearing snow.
-
Kings dump Jets 4-1, tie franchise mark for points
LOS ANGELES (AP) -- Viktor Arvidsson had two goals and the Los Angeles Kings matched their longest point streak in franchise history with a 4-1 victory over the Winnipeg Jets on Saturday afternoon.
-
'Go out and have a laugh': Festival of Fools kicks off at The Forks
A beloved circus-themed event has returned to The Forks, offering free children's entertainment for Winnipeggers throughout spring break.
Saskatoon
-
'He is very well decorated': Sask. veteran turns 100, honoured by Legion for lifetime of service
The Saskatchewan Royal Legion celebrated one of its members reaching a major milestone this weekend.
-
Suspicious death under investigation: Saskatoon police
Saskatoon police are investigating a suspicious death.
-
Saskatchewan family doctors say provincial budget short on needed reforms
Saskatchewan family doctors say the province's latest budget fails to make needed reforms that would help keep them here as some look elsewhere for work.
Regina
-
Saskatchewan family doctors say provincial budget short on needed reforms
Saskatchewan family doctors say the province's latest budget fails to make needed reforms that would help keep them here as some look elsewhere for work.
-
'We are so devastated': Couple asks for relative's ashes to be returned
Leah Radons and her husband Brian are hoping for the return of a loved one's ashes after they were stolen in Regina during a cross-Canada road trip.
-
'Shelter in place': Police operation closes down section of central Regina
Police in Regina advised the public to avoid a section of the city's central neighbourhoods due to a late night operation.
Atlantic
-
Messy mix of snow, ice pellets and rain Sunday into Monday
A low-pressure system moving up the coastline of Maine will cross Nova Scotia Sunday into early Monday morning, bringing a mix of snow, ice pellets and rain.
-
P.E.I. Green Party wasn't ready for election, may lose seats from 2019: experts
As the Prince Edward Island election approaches its final week, the Green Party is fighting to hold onto its historic gains from the last provincial vote -- a battle some experts say could result in lost seats.
-
NDP MP introduces bill to combat online hate speech
Incidents of online hate speech are on the rise and an NDP MP is introducing new legislation to stop it.
London
-
Early morning apartment fire briefly displaces residents, 2 dogs rescued
Residents of a central London, Ont. apartment were temporarily displaced from their units and were kept warm inside a city bus after a fire broke out early Sunday morning.
-
London police warning public of a 'high risk offender'
The London Police Service has issued a public safety warning due to the release of a 'high risk offender.'
-
A sunny Sunday in the Forest City
After Saturday’s wind storm, London, Ont. residents are in store for a warm and sunny finish to their weekend. Sunday will be mainly sunny with some slight wind gusts, with the high reaching 9 degrees.
Northern Ontario
-
Risk of a hard landing for Canadian economy is up, former Bank of Canada governor says
Former Bank of Canada governor Stephen Poloz says Canada’s economy is at a greater risk of a 'hard landing' — a rapid economic slowdown following a period of growth and approaching a recession.
-
New survey suggests people should check receipts before leaving grocery stores
A survey conducted by the Agri-Foods Analytic Lab at Dalhousie University asked more than fifty-five hundred Canadians whether or not they check their grocery store receipts and what do they find when they do so.
-
Mixed feelings, disappointment around the NHL pride night controversies
Two NHL hockey players with northern Ontario roots find themselves in an unwelcomed spotlight after refusing to don pride-themed jerseys.
Kitchener
-
Some Ukrainians refugees returning home due to K-W housing crisis: grassroots group
An organization that helps Ukrainian refugees resettle in Waterloo region says some are having so much trouble finding housing in Canada, they're opting to return to the war-torn country.
-
High schoolers send robots into battle at Waterloo competition
Thirty robots went head to head, battling for machine supremacy at the University of Waterloo FIRST Robotics Competition on Saturday.
-
Sold-out crowd celebrates all things pickle in Kitchener
A 'dill-icious' event took over THEMUSEUM in downtown Kitchener Friday night as Picklefest made its return.