Chartered Professional Accountants of Canada Hacked

Another day, another cyberattack. This time, more than 329,000 accounts of members of CPAC were hacked.

Information disclosed included names, addresses, e-mails, employer names, passwords and credit card numbers. The passwords and credit card numbers, however, were encrypted.

CPAC sent an email recommending that their members remain vigilant. They say that the stolen information could be used in a phishing attack, a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

https://twitter.com/maverickcgroup/status/1269991077185912833

CPAC said they are not sure exactly when the breach happened, but it could have been between November 30th, 2019 and May 1st, 2020.

CPAC said that they hired security experts and contacted the Canadian Anti-Fraud Centre to let them know about the hack.

“Upon discovering this, CPA Canada took immediate steps to secure its systems and conduct a thorough analysis to determine what information may have been involved.

There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised.”

CPAC’s Email To Members

This recent hack of Chartered Professional Accountants of Canada adds to a large list of recent hacks against companies such as Desjardins and LifeLabs.

Data of 15 Million LifeLabs’ Canadian Customers Compromised

LifeLabs, Canada’s largest provider of health diagnostic testing services, acknowledged that more than 15 million accounts have been compromised in a recent hack.

However, LifeLabs has mentioned that it negotiated with the hackers and paid a ransom fee to get the data back.

Information of more than 15 million customers in British Columbia and Ontario has been compromised. Data such as names, addresses, email addresses, customer logins and passwords, health card numbers and lab test results has been accessed by hackers.

The company states that the hack occurred on November 1st, 2019.

This is not the first time LifeLabs has been hacked. They had a similar incident a few years ago, where hard drives with data of thousands of patients were stolen.

LifeLabs apologizes for the incident and says that it will offer one free year of identity theft insurance as well as dark web monitoring.

An Open Letter to LifeLabs Customers

To our customers:

Through proactive surveillance, LifeLabs recently identified a cyber-attack that involved unauthorized access to our computer systems with customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results.

Personally, I want to say I am sorry that this happened. As we manage through this issue, my team and I remain focused on the best interests of our customers. You entrust us with important health information, and we take that responsibility very seriously.

We have taken several measures to protect our customer information including:

Immediately engaging with world-class cyber security experts to isolate and secure the affected systems and determine the scope of the breach;

Further strengthening our systems to deter future incidents;

Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals;

Engaging with law enforcement, who are currently investigating the matter; and

Offering cyber security protection services to our customers, such as identity theft and fraud protection insurance.

I want to emphasize that at this time, our cyber security firms have advised that the risk to our customers in connection with this cyber-attack is low and that they have not seen any public disclosure of customer data as part of their investigations, including monitoring of the dark web and other online locations.

We have fixed the system issues related to the criminal activity and worked around the clock to put in place additional safeguards to protect your information. In the interest of transparency and as required by privacy regulations, we are making this announcement to notify all customers. There is information relating to approximately 15 million customers on the computer systems that were potentially accessed in this breach. The vast majority of these customers are in B.C. and Ontario, with relatively few customers in other locations. In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly. Our investigation to date indicates any instance of health card information was from 2016 or earlier.

While you are entitled to file a complaint with the privacy commissioners, we have already notified them of this breach and they are investigating the matter. We have also notified our government partners.

While we’ve been taking steps over the last several years to strengthen our cyber defenses, this has served as a reminder that we need to stay ahead of cybercrime which has become a pervasive issue around the world in all sectors.

Any customer who is concerned about this incident can receive one free year of protection that includes dark web monitoring and identity theft insurance.

Yours sincerely,

President and CEO

Charles Brown

LifeLabs

Facebook Scolds Canada

Canadian regulators said that Facebook’s weak privacy protection was to blame for millions of users’ data being exposed.

Canada’s privacy commissioner said that Facebook broke national and provincial regulations when it came to sharing user data with third parties.

Facebook flat-out refused to agree with the Canadian government’s legal findings and refused audits of its privacy procedures.

Daniel Therrien, the Privacy Commissioner of Canada, told the New York Times:

“They told us outright that they do not agree with our legal findings. I find that absolutely untenable that a company can tell a regulator that it does not respect its findings.”

Therrien said that they will be taking Facebook to Canadian federal court, but he acknowledges that even if Facebook is found guilty, under the Canadian legal system it might only be fined a few thousand dollars.

Facebook was not happy with Therrien’s announcement and released the following statement:

“After many months of good-faith cooperation and lengthy negotiations, we are disappointed. There’s no evidence that Canadians’ data was shared with Cambridge Analytica, and we’ve made dramatic improvements to our platform to protect people’s personal information.”

While Canada might impose penalties against Facebook in the future, they will most likely be puny when compared to the up to $5 billion that might be imposed against it by the Federal Trade Commission for privacy violations.

Therrien said he is not happy with the current system and is worried because some 622,000 Canadians may have been affected by personal data exposure. Therrien said that he wants better privacy laws in Canada as well as a way for regulators to penalize companies.

Canada never adopted stiff penalties like many European countries have.

iPhone FaceTime Hack

Update: Apple released iOS 12.1.4, which fixes the FaceTime security flaw that let people eavesdrop on you or even see your camera without your authorization. Feel free to go to Settings > General > Software Update to install the update now.

You would never expect that a large firm like Apple would let you eavesdrop on another person’s iPhone. But yesterday social media went crazy discussing how easy it is to do just that.

Basically, you can call another person’s iPhone and eavesdrop or even see video without the other person accepting the call.

Apple acknowledged that it’s a bug in their FaceTime software and that even without answering the call, the other person can hear and see what you are doing.

We’re aware of this issue and we have identified a fix that will be released in a software update later this week

Apple

Apple has also said that it has disabled Group FaceTime chat, the software that was causing the issue.

This is a big setback for Apple as it is trying to be a leader when it comes to its users’ privacy.

At Planetweb, we have replicated the issue. It is very simple to do. Just call someone using FaceTime and while calling, swipe up and add yourself to the conversation. Even if the other person does not answer, you will stay connected and can hear the other person’s microphone.

What’s even worse, if that person mutes the incoming call with the up or down volume button, that will switch on his or her camera, and you will be able to see video.

How to fix it? Just wait for an update from Apple. You have been warned.

Air Canada Hacked

Air Canada said that over 20,000 profiles saved in their mobile app have been compromised and that info such as a customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.

After discovering the breach, Air Canada shut down the app and is forcing all 1.7 million app users to change their passwords immediately.

Chester Wisniewski, cyber security specialist, said in an interview with CBC:

“You never want someone to know your name, your birthday and your passport.

I suspect hackers stumbled across a bug in the API.

I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”

Some users complained about not being able to log in, while others, like this Canadian satire site, cracked jokes.

Air Canada said that they have not detected improper use of stolen passwords. Yet.

Gabor Lukacs, a Canadian air passenger rights advocate, mentioned that he would recommend that affected people complain to the Office of the Privacy Commissioner, Canada’s watchdog that provides advice and information for individuals about protecting personal information.

Lukacs said:

“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.

People may also wish to start a class action against Air Canada in this situation.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs go unfilled due to a lack of experienced professionals.