SUBSCRIBE
1643
0
Security

CFIB confirms data up for sale was stolen from the association

Howard Solomon
information security mind map
Shutterstock.com

An association representing Canadian small and medium-sized businesses has acknowledged someone recently stole and put up for sale a database of its prospects.

Dan Kelly, chief executive officer of the Canadian Federation of Independent Business, said Thursday the database is “mostly old information’ and not the main database of the estimated 97,000 members of the association.

Still, according to the posting on a criminal marketplace, the database has fields for names, street addresses, email addresses and mobile phone numbers — enough information for a phishing campaign. Kelly didn’t say how many names were in the stolen database.

Kelly said the federation didn’t know about the data leak until it was contacted by IT World Canada on Thursday morning. We were tipped off about the database being offered on a criminal marketplace by a cybersecurity researcher who spotted it.

The posting lists a date of 29/12/2022, suggesting the file was stolen on that date. The posting says the data format is CSV and the number of records is 972,235.

“It does look like its prospect data, not membership data,” Kelly said in an interview. “We’re not sure of the exact nature of it … so we’re doing a full investigation.”

The database appears to be a list of leads compiled for federation sales staff when they go door-knocking to sell memberships, he said. “It’s mostly old information,” he said, “very basic information that anybody could find by doing a Google search.”

It is “mostly information that any leads list of businesses that would have. Their information for the most part is public … It’s mostly stuff  that we’ve either collected ourselves in the past or perhaps from purchased lists of leads from businesses.”

Some of the businesses in the database may no longer be around, he added.

“We’re doing a further investigation just to make sure there isn’t anything [personal] in there that would worry anyone.”

It isn’t clear how the data was copied. The file was apparently held in a Microsoft Power BI database. “We think we have [now] closed all loopholes” in the application, Kelly said.

In December, the federation launched an online cybersecurity training program aimed at Canadian small and medium businesses.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
Previous article
Coveo introduces new Relevance Generative Answering capability
Next article
Sobeys parent says total impact of cyber attack could be over $54 million

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...
Read more

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...
Read more

Related Tech News

Tech Jobs

Subscribe to our Newsletter

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

SUBSCRIBE

Tech Companies Hiring Right Now

Popular Stories This Week

ITWC Network

Follow Us

©

2024

IT World Canada. All Rights Reserved.

SUBSCRIBE