Massive Data Breach Forces Canadian Association to Pay $20,000 Ransom

BrightTALK The 2019 Threatscape

The Federation of Sovereign Indigenous Nations in Canada had been forced to pay C$20,000 to an anonymous hacker who breached its systems and held internal files and its email system hostage.

CBC News is reporting that the association paid the ransom at a time when hundreds of delegates came together to elect a new FSIN chief and two vice-chiefs in Saskatoon.

Citing two sources with direct knowledge of the incident, CBC adds that a wide range of data including files on residential school survivors, youth athletes, their coaches, internal land claims and other information were held hostage by the hacker. Further, social insurance numbers, treaty card numbers and health claims of staff and the executive were also accessed by the hacker.

Initially, the hack went undetected for a period of time before an FSIN staffer received an email from the hacker demanding a ransom of over $100,000.

The federation’s treasury board and the audit committee, comprising of indigenous chiefs across the province discussed the situation in a meeting. While some called for an immediate notice to be sent to all impacted employees, parents and companies alongside a police report and a puåçblic statement, none came to pass.

Instead, there were ådiscreet negotiations between the hacker and the association wherein the latter eventually forked out over C$20,000 in cryptocurrency, specifically bitcoin, to the hacker.

As things stand, the FSIN has reportedly sought the services of a private cybersecurity firm. While email systems are functional again, CBC adds there is no guarantee that the hacker did delete the data altogether.

Image credit: Pexels.