Update: On April 28, Yellow Pages issued a breach notification to employees affected by the breach. The notification reports that the types of information involved varied by individual and may have included name, email address, postal address,
Social Insurance Number (where applicable), bank account information, emergency contact information, salary information, and date of birth. For what they describe as a “limited number of employees,” employment visa information (if applicable) may also have been involved.
The notification makes no mention of any data having been leaked on the dark web by the threat actors (Black Basta). A check of Black Basta’s leak site shows that the Yellow Pages listing is still up with the small sample of files provided as proof. No other data has been leaked as of this date.
On April 22, @PogoWasRight posted on infosec.exchange:
DataBreaches had been watching for any announcement from Yellow Pages since mid-March, when a Canadian consumer made this site aware that Yellow Pages was dealing with an incident that they were not disclosing as a ransomware attack although it sounded like one.
Now Black Basta may have forced their hand by adding them to their leak site and posting some proof of claims that includes internal documents and some identity documents.
Ax Sharma reports:
Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack.
Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend.
Read more at BleepingComputer.