Unknown number of British Columbians' personal information for sale online after health company extorted
CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider.
Homewood Health, headquartered in Ontario with services and contracts across Canada, acknowledges it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority.
CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."
There appear to be hundreds of bids from prospective buyers.
“With the assistance of cybersecurity experts, we have been working diligently to understand how the information was obtained and what information has been affected,” wrote a Homewood Health spokesperson, blaming the breach on state-sponsored Chinese hackers, called Hafnium, who victimized thousands of companies earlier this year. “To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of any unauthorized access to any of Homewood Health’s client application systems.”
The company would not estimate how many people’s information could be compromised, insisting that while it was notifying affected individuals as quickly as possible, “this process will take time.” Homewood Health provides services ranging from career and family counselling to mental health and addiction support, and operates retreats for extended stays.
B.C. AGENCIES NOTIFIED OF DATA BREACH
BC Housing appears to be the agency most impacted thus far.
Personal information of hundreds of employees has already been leaked online as a “teaser” or sample of the kind of material the hackers possess, which they provide to try to verify the authenticity and value of the rest of the data package.
“We are very concerned that Homewood Health documents containing the personal information of our employees, and potentially their family members, have been compromised in a data incident,” wrote a spokesperson. “It is Homewood Health that was breached, and they must take steps to protect all those involved.”
The agency, which is focused on providing and running affordable and supportive housing, goes on to say that it's still waiting for critical information from Homewood Health, including how many people and how much information could be involved – and what kind of supports it will be providing for impacted employees.
The sample package also includes a contract between Homewood and TransLink, plus a document updating a previous agreement with BC Clinical Support Services, which is overseen by PHSA.
“We have been in communication with Homewood Health and they have assured us that there was no PHSA employee/patient information included in the breach they are managing,” wrote a spokesperson. “This contains purely contractual information and does not contain any personal information.”
TransLink said it was aware of the information for sale.
“This agreement does not contain any personal information of employees of TransLink or any of its subsidiaries,” it said in an email. “We have since been in contact with Homewood Health, and given that this is their active investigation, we will direct all questions to them.”
A Homewood Health representative said the hackers had tried to extort the company over the information, characterizing it as a “dark web” scheme, but the Marketo website can be accessed by anyone with an internet connection.
“This isn't only on the dark web, Marketo group's site exists on the clear web too, so it's very easily accessed,” explained online threat analyst Brett Callow, who works for Emsisoft on Vancouver Island. “These types of incidents are extremely common and there are about 2,500 organizations that have had their data stolen and published on sites like this -- and that just within the last couple of years.”
THE HACKERS SPEAK UP
Marketo, which has the same name as an online marketing company by Adobe but bears no connection, calls itself a “leaked data marketplace” but it’s perhaps more accurate to describe it as an online clearinghouse for stolen information. The first and most prominent listing currently on its website is for Homewood Health, and it shows that 289 bids have purportedly been made for the information so far.
When CTV News contacted the site, a representative countered Homewood’s description of events, saying they researched the weaknesses of Homewood Health and other companies and attacked them directly, and insisting they did not acquire the data as part of the Hafnium hack.
“I got to say it right away that we just sell company data. We do not have the intention to harm customers or clients of this company,” wrote a spokesperson identifying themselves as Mannus Gott. “If the company understands and is willing to accept responsibility for the leak, there will be no publication. Otherwise, we are not responsible for the safety of this data.”
They say on Thursday, some of the data will be sold and the rest will be published.
Homewood says it has contacted police and has hired its own investigators and experts to advise them.
While extortion and blackmail of companies facing data breaches has become more and more common, it can be shocking and stressful for individuals caught up in the scheme.
“They should be reasonably concerned,” said Callow, suggesting they contact their banks to warn them if notified by Homewood. “The data that's out there could potentially be used for data theft and given the type of information Homewood may own, it could potentially be used to blackmail individuals as well, or attempt to.”
Callow pointed out that companies that have been breached will typically pay for customers to have monitoring in place after such a breach. He added this should be a reminder for individuals, companies and other organizations to take the utmost care in safeguarding their information, including applying patches and updates and opting for multi-factor authentication whenever available.