DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hit with extortion demand after job applicants’ data hacked, Drake International refuses to pay

Posted on January 9, 2013 by Dissent

Christine Dobby reports:

Drake International, the Canadian-based job placement firm, confirmed Wednesday that it has been the victim of a hacking scheme by a group seeking to extort payment in exchange for not releasing the personal information of people who have used Drake’s services.

[…]

The hackers that contacted Drake on Monday, made their threats public Wednesday through the social media site Twitter, linking to a website where they outlined their demands for $50,000 to keep the stolen information private. They claim to have data on users from Canada, Australia, the United Kingdom and New Zealand.

Tony Scala, vice-president of marketing and client service at Drake, confirmed that the hackers had obtained names, email addresses, phone numbers and even passwords. He said the company would be contacting its affected users by email, suggesting that they change their passwords. Drake has been in touch with police and has no plans to negotiate with the hackers, he said.

Source: Financial Post.

The hack was announced on Tuesday by the @RexMundi_Anon account, who claimed that they had accessed 300,000 records:

RexMundi

In the statement on Pastebin, which I am not linking to because it contains some PII, the hackers, who provide their e-mail address, write:

Dear friends, foes and members of the media,

Our name is Rex Mundi. We previously hacked into the Web servers of Belgian companies Dexia and AGO Interim and, respectively, American, Dutch and French companies AmeriCash Advance, Accord.nl and Credipret.

Last week, we hacked into the server of Canadian multinational temp work company Drake International (drakeintl.com). We gained access to over 300,000 confidential job applicant records, in addition to data related to the company’s clients. The data stored inside the website’s database relates to candidates located in Australia, New Zealand, the UK and Canada.

We immediately contacted Drake International to offer them not to release the data in exchange of a mere $50,000 (fifty thousand US Dollars). So far, we have unfortunately not heard back from the nice folks over at Drake. Does this mean that they do not care about their clients and job applicants’ privacy? You be the judge.

They have until the end of this week to pay us. If they fail to comply, their entire database will be posted on Pastebin and on various other websites.

The hackers provided some sample data, sufficient apparently, for Drake International to confirm that the hackers were in possession of data.

The Toronto Police Service logged the report:

Extortion – 52 Division

Drake International Recruiting, 320 Bay Street, reports that on January 4, 2013, they received an email from unknown hacker agency advising they have hacked into their client database including contact details, names and passwords. The agency was asked to send a one-time payment of $50,000.00 U.S. to prevent the data records from getting released over the internet. The complainant with their other agencies around the world has agreed on not paying this group.

281/86481/13:36


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Category: Breach IncidentsBusiness SectorNon-U.S.Of Note

Post navigation

← Follow-up: Dun & Bradstreet Unit Fined, Former Employees Sentenced
Cops Suspect Up to 300 Counts of Fraud In KTSU DJ Case →

1 thought on “Hit with extortion demand after job applicants’ data hacked, Drake International refuses to pay”

  1. the government jobs says:
    January 10, 2013 at 1:13 am

    i think it’s wrong. hacker is hack the website data and sell that email id and cv to other company and earn lots of dollar from this. government has to stop that person. are you agree with me?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.