DataBreaches.Net


Ca: Durham Region hit by cyberattack

Posted on April 10, 2021 by Dissent

Durham Radio News reports:

Durham Region has been hit by a recent cyberattack and experts are working to figure out what information may have been compromised.

That’s according to a statement from the region, which can be read below.

They say the vulnerability has since been addressed and the regional systems have been secured. There’s no word on what specifically led up to the attack.

Read more on Durham Radio News for their statement, which, unhelpfully, does not explain what happened. Nor does it name the third-party software provider responsible for the breach.

There is a strong likelihood that the breach is related to the threat actors known as CLOP, who have dumped 6.5 GB of files on their leak site this week that they claim come from Durham.ca. With CLOP, however, it’s not always clear whether they are the attackers or if they are just listing attacks by partners or affiliates. Nor does their site specifically tag which victims were part of a large Accellion breach in December and January that is only now being discovered and disclosed by some Accellion clients, so it is not clear whether Accellion is the software provider being referred to (but it is possible).

DataBreaches.net has not completed acquiring the dumped data, but notes that one thing that may spare some people from wider dissemination of their data is that CLOP’s downloads are painfully slow. That said, anyone in the Durham region should be prepared to receive messages threatening to disclose their data if they do not pay the attackers some extortion amount.  Most experts and law enforcement recommend against paying any extortion demand.

People in the Durham region should also be on guard against phishing attempts that use information the attackers acquired in the hack.  The phishing attempts are often quite realistic and targeted to the person using specific information that makes them seem credible.  If you get any request for your information or someone else’s information, do not provide it — and do not even email or call any number given in an email request.  Start from the beginning and look up the real phone number or email address of the person who is supposedly contacting you, and then reach out via that phone number to ask whether the email you received was from them.

h/t, @Chum1ng0

Update: So after looking at the 6.5 GB of files that CLOP have dumped so far for Durham, it appears that yes, this was from the Accellion breach. The directory shows folder names with email addresses, which is what we see for those using Accellion’s standalone server for their file transfer service. The date of January 21 is also consistent with when CLOP was able to exploit one of four vulnerabilities in Accellion’s software that they found.

As to the files themselves: without going into detail, there appears to be a lot of child-related and student-related files that have fallen into the hands of criminals. Hopefully Durham will make a full disclosure and notify those whose PII or PSI has been acquired.

Category: Non-U.S., Subcontractor
