DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Durham Region hit by cyberattack

Posted on April 10, 2021 by Dissent

Durham Radio News reports:

Durham Region has been hit by a recent cyberattack and experts are working to figure out what information may have been compromised.

That’s according to a statement from the region, which can be read below.

They say the vulnerability has since been addressed and the regional systems have been secured. There’s no word on what specifically led up to the attack.

Read more on Durham Radio News for their statement, which, unhelpfully, does not explain what happened.  Nor does it name the third-party softwre provider responsible for the breach.

There is a strong likelihood that the breach is related to the threat actors known as CLOP, who have dumped 6.5 GB of files on their leak site this week that they claim come from Durham.ca.  With CLOP, however, it’s not always clear whether they are the attackers or if they are just listing attacks by partners or affiliates.  Nor does their site specifically tag which victims were part of a large Accellion breach in December and January that is first being discovered and disclosed by some Accellion clients, so it is not clear whether Accellion is the software provider being referred to (but it is possible).

DataBreaches.net has not completed acquiring the dumped data, but notes that one thing that may spare some people from wider dissemination of their data is that CLOP’s downloads are painfully slow. That said, anyone in the Durham region should be prepared to receive messages threatening to disclose their data if they do not pay the attackers some extortion amount.  Most experts and law enforcement recommend against paying any extortion demand.

People in the Durham region should also be on guard against phishing attempts that use information the attackers acquired in the hack.  The phishing attempts are often quite realistic and targeted to the person using specific information that makes them seem credible.  If you get any request for your information or someone else’s information, do not provide it — and do not even email or call any number given in an email request.  Start from the beginning and look up the real phone number or email address of the person who is supposedly contacting you, and then reach out via that phone number to ask whether the email you received was from them.

h/t, @Chum1ng0

Update:  So after looking at the 6.5 GB of files that CLOP have dumped so far for Durham, it appears that yes, this was from the Accellion breach. The directory shows foldernames with email addresses, which is what we see for those using Accellion’s standalone server for their file transfer service.  The date of January 21 is also consistent when CLOP was albe to exploit one of four vulnerabilities in Accellion’s software that they found.

As to the files themselves: without going into detail, there appears to be a lot of child-related and student-related fiels that have fallen into the hands of criminals.  Hopefully Durham will make a full disclosure and notify those whose PII or PSI has been acquired.

 

Related posts:

  • Accellion’s data breach left clients in tough position: pay extortion to criminals, or have their data dumped (with updates)
  • The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
  • University of Maryland, Baltimore responds to Accellion breach
  • The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far. (3)
Category: Non-U.S.Subcontractor

Post navigation

← SG: Possible data breach involving 62,000 e-mails sent to Certis
Br: Leak exposes 1.7 TB of customer data from Brazilian fintech iugu →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.