November 15, 2017 by The Canadian Press (CPSTF)
Toronto-based VerticalScope Inc. says six of the community websites it administers were hacked last month in the latest of a recent series of data breaches affecting Canadian online user information.
The company says in an emailed statement an “unauthorized party” gained access to community member data for six of its websites on Oct. 17 and 21 and some of the data was disclosed online.
It says the data did not include credit card or banking information but did include usernames, email addresses, encrypted passwords, user identifications, registration dates and IP addresses for websites including DIYchatroom.com, PBnation.com, HysterSisters.com, ToyotaNation.com, JeepForum.com and WatchUSeek.com.
Alex Holden of Hold Security, LLC, says his American cybersecurity firm was able to intercept hackers’ attempts to sell data stolen from VerticalScope and tracked down screenshots containing current secure information to confirm the breaches had taken place.
He says the attack was “rather sophomoric” and its success doesn’t reflect well on VerticalScope’s cybersecurity readiness, adding it’s unclear how many people had their confidential information stolen.
VerticalScope, which is majority owned by TorStar Corp., says it has caused all of the passwords on the sites to expire and has notified affected users. It says the breach has been reported to the federal Privacy Commissioner, Toronto Police Service and the RCMP cybercrime unit.
About 8,000 Canadians had personal information and, in some cases, credit card information, exposed in the massive Equifax cyberbreach that occurred in July but wasn’t reported until September.
According to the Insurance Bureau of Canada, specialty insurance coverage for cyber liability risks is relatively new to the marketplace. “The possibility of cyber liability lawsuits is a reality that every business owner should consider,” IBC said on its website. “There have been several very high-profile personal information breaches that affected tens of millions of records and will cost the companies involved millions of dollars.”