Christine Dobby reports:
Drake International, the Canadian-based job placement firm, confirmed Wednesday that it has been the victim of a hacking scheme by a group seeking to extort payment in exchange for not releasing the personal information of people who have used Drake’s services.
[…]
The hackers that contacted Drake on Monday, made their threats public Wednesday through the social media site Twitter, linking to a website where they outlined their demands for $50,000 to keep the stolen information private. They claim to have data on users from Canada, Australia, the United Kingdom and New Zealand.
Tony Scala, vice-president of marketing and client service at Drake, confirmed that the hackers had obtained names, email addresses, phone numbers and even passwords. He said the company would be contacting its affected users by email, suggesting that they change their passwords. Drake has been in touch with police and has no plans to negotiate with the hackers, he said.
Source: Financial Post.
The hack was announced on Tuesday by the @RexMundi_Anon account, who claimed that they had accessed 300,000 records:
In the statement on Pastebin, which I am not linking to because it contains some PII, the hackers, who provide their e-mail address, write:
Dear friends, foes and members of the media,
Our name is Rex Mundi. We previously hacked into the Web servers of Belgian companies Dexia and AGO Interim and, respectively, American, Dutch and French companies AmeriCash Advance, Accord.nl and Credipret.
Last week, we hacked into the server of Canadian multinational temp work company Drake International (drakeintl.com). We gained access to over 300,000 confidential job applicant records, in addition to data related to the company’s clients. The data stored inside the website’s database relates to candidates located in Australia, New Zealand, the UK and Canada.
We immediately contacted Drake International to offer them not to release the data in exchange of a mere $50,000 (fifty thousand US Dollars). So far, we have unfortunately not heard back from the nice folks over at Drake. Does this mean that they do not care about their clients and job applicants’ privacy? You be the judge.
They have until the end of this week to pay us. If they fail to comply, their entire database will be posted on Pastebin and on various other websites.
The hackers provided some sample data, sufficient apparently, for Drake International to confirm that the hackers were in possession of data.
The Toronto Police Service logged the report:
Extortion – 52 Division
Drake International Recruiting, 320 Bay Street, reports that on January 4, 2013, they received an email from unknown hacker agency advising they have hacked into their client database including contact details, names and passwords. The agency was asked to send a one-time payment of $50,000.00 U.S. to prevent the data records from getting released over the internet. The complainant with their other agencies around the world has agreed on not paying this group.
281/86481/13:36
i think it’s wrong. hacker is hack the website data and sell that email id and cv to other company and earn lots of dollar from this. government has to stop that person. are you agree with me?