Quebec insurer says personal information of present, past staff may have been exposed in cyberattack

A Montreal-based insurance firm’s website is still offline four weeks after a cyberattack and is still trying to recover from the incident.

Promutuel Assurance says the attack started on Dec. 20 and made its IT systems unavailable. In a statement yesterday, the firm said that, so far, its investigation shows no signs of compromised social insurance numbers, driver’s licence numbers, credit card numbers or banking information of insured members.

However, the statement added, personal information of past, present and retired employees “may have been compromised.” As a precaution, Promutuel says it will provide them with credit monitoring and data protection services.

In an email, a spokesperson for the company was asked to confirm to IT World Canada if the incident was ransomware. According to a source working for a cybersecurity research firm in Canada who wished to remain anonymous, the website of the DoppelPaymer ransomware gang lists Promutuel as a victim. It also lists file names it allegedly copied in an attack. Typically, DoppelPaymer threatens to release copied files if the victim doesn’t pay for a data decryption key.

The spokesperson referred the publication to its official statement, which didn’t explain the attack’s source.

Earlier this week, the Journal de Quebec reported that confidential documents from the firm had been published online. In a story today, the news site said Promutuel told it those 15 files were recovered.

Another attack

Meanwhile, late Friday afternoon, the receiver for the Nygard group of companies issued an advisory to employees, customers and partners about a Dec. 12 ransomware attack.

Richter Advisory Group Inc., the court-appointed receiver of Nygard Holdings (USA) Limited, Nygard Inc., and several related companies, said it issued the statement to advise current and former employees, customers, suppliers and others to monitor their information for any unusual activity, including suspicious emails or other communications that claim to be from the retailer.

Richter has been selling off Nygard assets for several months after taking control of the company in March 2020. The cyberattack happened after the receiver took over the company. However, it says that while the attack encrypted many servers, data copied for forensic purposes wasn’t impacted.

On Dec. 30, Richter issued a report to the Manitoba court on the progress of its work, which included a description of the attack. It said the attackers from the Netwalker ransomware gang initially demanded the equivalent of about $3.6 million in bitcoin for the decryption key or copied data would be released. That demand has gone up to the equivalent of $7 million.

In its statement to the court, the receiver said a ransom wouldn’t be paid.

Richter has hired security firm Sophos to work with it to try and restore data from Nygard backups. As of the end of December, the receiver couldn’t say who might be impacted by the attack. Of Nygard’s 245 servers, 58 were encrypted, including five with data on current and former employees, five with sales data and eight with financial data. The report says 54 backup servers are available, but it isn’t confident the data can be relied on in part because the attack damaged  Nygard’s IT system.

Former company head Peter Nygard was taken into custody Dec. 15 and is awaiting extradition to the U.S. on allegations of racketeering, sex trafficking and related crimes.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now