Everyone heard of huge ransomware attacks in 2021 like Colonial Pipeline, ACER and the NBA. As a Canadian-based company we wanted to find the attacks that were a little closer to home. The following is a list of 13 cyberattacks on Canadian businesses that happened in 2021.
Superior Plus Corp, based of Toronto, distributes and sells propane, distillates and related products. Servicing over 780,000customers in Canada and the US, they reported a ransomware attack on Sunday, December 12, 2021, affecting their computer systems. They are not sure how it happened but quickly took steps to mitigate risk. (BusinessWire)
In October 2021, the Toronto Transit Commission(TTC) were hit with a form of malicious software that encrypted their data. They aren’t sure if personal information was leaked. However, they did encrypt data and locked out users. Communications were not working and caused service disruptions. Interestingly, the TTC never submitted their cybersecurity report and many are wondering if that is what lead to the attack. (FlamboroughReview) (Toronto Star)
D-Box, entertainment provider, based out of Montreal, suffered a ransomware attack on their supply chain on July 14, 2021. D-Box separates internal systems from those managing its clients so the attack did not affect their partners. After some research, it seems like the intent of the attack remains unclear. They were able to get back up and running but there is no mention of whether or not a ransom was paid. (Latest Hacking News).
In may 221, Canada Post was the victim of a malware attack through a third party vendor. It affected 950,000 parcels. Postal addresses, emails and phone numbers were exposed. They informed their shareholders and implemented proactive measures to avoid this from happening again. (The Daily Swig)
In August 2021, the Canada Revenue Agency (CRA)and GCKey accounts were subject to credential stuffing attacks. Approximately50,000 accounts were targeted. The security of taxpayers’ information was at stake. They were forced offline. (Global News)
In July 2021, Canadian Insurance firm, Heartland Farm Mutual, was breached and may have exposed the personal data of clients. The hackers accessed an employees email inbox which contained the personal information of clients. They firm quickly took action to remove unauthorized access. (The Daily Swig)
Airplane maker, Bombardier got attacked through the vulnerability in Accellion file sharing software. Although personal information of employees and clients were not leaker, airplane design documents and documents to spare parts were accessed through this attack. (Cybersecurity Insiders)
In March 2021, Fortis Ontario, the parent company of Cornwall Electric, a third party contractor responsible for billing was victim to a ransomware attack. Personal information was not leaked but all customers were told to keep high alert of suspicious activity. (Seaway News)
In February 2021, Home Hardware Stores was attacked. Corporate data was appearing online but the company revealed their 1050 stores had no client data leaked. (Financial Post)
On January 16, 2021, the Quebec city of Montmagne was hit with a ransomware attack that shut down their systems and phone lines. The hackers encrypted their data on their servers and then asked for a ransom. Systems were restored after 6 days. (The Press Stories)
On January 14, 2021, Quebec-based insurance company, Promutuel, was hit with a ransomware attack that crippled its systems. Customers were not able to access their accounts and when Promutuel did not pay the ransom, the hackers leaked customer data online. (TechNadu)
As you read, the ransomware attacks affected organizations differently. Some were unable to function whereas others just needed to add extra measures of protection. There is one common denominator in each of these cases, and that’s lack of trust. None of these incidents reported proper security where the attack did not negatively affect the organization. There was uncertainty in each case and it seemed like no one knew what was happening. Cyber attacks are inevitable, but with the right business continuity measures in place, certainty and trust can remain.
If you are missing cyber security tech, let us know. Let’s all work toward a safer 2022.