A Rogers Communications staffer has apparently become the latest Canadian employee to fall victim to a phishing scam which resulted in the theft of customer data.
The company said that “human error” allowed an attacker to access to the account of one staffer who managed accounts of a “small number” of medium-sized business customers.
Patricia Trott, Rogers’ director of public affairs, said in an email to ITWC that the attacker was able to get the business agreements managed by the staff which included business name, address, phone number and pricing details of the corporate customers, but not personal or financial information.
According to the Globe and Mail, an anonymous person posted a zip file with copies of dozens of contracts on Sunday that apparently came from the account. The Globe saw the file and said the documents don’t include password information to accounts. However they do have some business customer telecom information such as the number of data and phone lines purchased.
Rogers [TSX: RCI.B] has notified the police about the intrusion. It has also put in additional security procedures. “We take the privacy and security of our customers’ information very seriously.” Trott said, “and we will continue to review our policies and procedures.”
Although publicly-revealed data thefts at Canadian companies don’t amount to the millions of files that have been reported in the U.S., the country isn’t immune from attacks. Social engineering is a favoured way of skilled attackers to make their way into an enterprise.
Just over a year ago Symantec warned in a report that in 2013, 39 per cent of targeted spear-phishing attacks were sent to large enterprises of more than 2,500 employees. Thirty-one per cent targeted medium-sized firms and 30 per cent targeted SMBs.