Unknown number of British Columbians' personal information for sale online after health company extorted
CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider.
Homewood Health, headquartered in Ontario with services and contracts across Canada, acknowledges it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority.
CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."
There appear to be hundreds of bids from prospective buyers.
“With the assistance of cybersecurity experts, we have been working diligently to understand how the information was obtained and what information has been affected,” wrote a Homewood Health spokesperson, blaming the breach on state-sponsored Chinese hackers, called Hafnium, who victimized thousands of companies earlier this year. “To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems.”
The company would not estimate how many people’s information could be compromised, insisting that while it was notifying affected individuals as quickly as possible, “this process will take time.” Homewood Health provides services ranging from career and family counselling to mental health and addiction support, and operates retreats for extended stays.
B.C. AGENCIES NOTIFIED OF DATA BREACH
BC Housing appears to be the agency most impacted thus far.
Personal information of hundreds of employees has already been leaked online as a “teaser” or sample of the kind of material the hackers possess, which they provide to try to verify the authenticity and value of the rest of the data package.
“We are very concerned that Homewood Health documents containing the personal information of our employees, and potentially their family members, have been compromised in a data incident,” wrote a spokesperson. “It is Homewood Health that was breached, and they must take steps to protect all those involved.”
The agency, which is focused on providing and running affordable and supportive housing, goes on to say that it's still waiting for critical information from Homewood Health, including how many people and how much information could be involved – and what kind of supports it will be providing for impacted employees.
The sample package also includes a contract between Homewood and TransLink, plus a document updating a previous agreement with BC Clinical Support Services, which is overseen by PHSA.
“We have been in communication with Homewood Health and they have assured us that there was no PHSA employee/patient information included in the breach they are managing,” wrote a spokesperson. “This contains purely contractual information and does not contain any personal information.”
TransLink said it was aware of the information for sale.
“This agreement does not contain any personal information of employees of TransLink or any of its subsidiaries,” it said in an email. “We have since been in contact with Homewood Health, and given that this is their active investigation, we will direct all questions to them.”
A Homewood Health representative said the hackers had tried to extort the company over the information, characterizing it as a “dark web” scheme, but the Marketo website can be accessed by anyone with an internet connection.
“This isn't only on the dark web, Marketo group's site exists on the clear web too, so it's very easily accessed,” explained online threat analyst Brett Callow, who works for Emsisoft on Vancouver Island. “These types of incidents are extremely common and there are about 2,500 organizations that have had their data stolen and published on sites like this -- and that just within the last couple of years.”
THE HACKERS SPEAK UP
Marketo, which has the same name as an online marketing company by Adobe but bears no connection, calls itself a “leaked data marketplace” but it’s perhaps more accurate to describe it as an online clearinghouse for stolen information. The first and most prominent listing currently on its website is for Homewood Health, and it shows that 289 bids have purportedly been made for the information so far.
When CTV News contacted the site, a representative countered Homewood’s description of events, saying they researched the weaknesses of Homewood Health and other companies and attacked them directly, and insisting they did not acquire the data as part of the Hafnium hack.
“I got to say it right away that we just sell company data. We do not have the intention to harm customers or clients of this company,” wrote a spokesperson identifying themselves as Mannus Gott. “If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”
They say on Thursday, some of the data will be sold and the rest will be published.
Homewood says it has contacted police and has hired its own investigators and experts to advise them.
While extortion and blackmail of companies facing data breaches have become more and more common, it can be shocking and stressful for individuals caught up in the scheme.
“They should be reasonably concerned,” said Callow, suggesting they contact their banks to warn them if notified by Homewood. “The data that's out there could potentially be used for data theft and given the type of information Homewood may own, it could potentially be used to blackmail individuals as well, or attempt to.”
Callow pointed out that companies that have been breached will typically pay for customers to have monitoring in place after such a breach, adding this should be a reminder for individuals, companies and other organizations to take the utmost care in safeguarding their information, including applying patches and updates and opting for multi-factor authentication whenever available.