The Yellow Pages was indeed the victim of a cyberattack that affected employee and business customer data, the company confirmed to La Presse. A letter was sent to employees and ex-employees of the company on Tuesday, more than a month after confidential data concerning them leaked.
“As soon as we became aware of the attack, we immediately launched a thorough investigation into this issue with the assistance of external cybersecurity experts to contain the incident and ensure that we had secured our systems,” said by email Franco Sciannamblo, senior vice president and chief financial officer of the Yellow Pages.
On Saturday, La Presse revealed that Black Basta hackers claimed responsibility for a cyberattack on the Yellow Pages. Samples of confidential information had been made public on the hidden web, including copies of passports, RAMQ cards, account statements and driver’s licenses.
Based on its investigation, the Yellow Pages has reason to believe the information was stolen from servers “containing Yellow Pages employee data and limited data regarding our business customers,” Sciannamblo confirmed.
He assured Sunday that the company has “informed those affected and reported this incident to all relevant privacy regulatory authorities”.
On Saturday, we had spoken with a person whose data was circulating on the hidden web. This person did not want to speak publicly, but said he had not been contacted by the Yellow Pages when he learned from La Presse of the information leak.
A former employee said he received a letter from the Yellow Pages on Tuesday, which La Presse was able to consult. This missive is dated last Friday, April 21, the day the Black Basta claimed responsibility for the attack.
“You are receiving this letter because you are or have been an employee of Yellow Pages. We hereby inform you that on March 21, 2023, an unauthorized third party gained access to certain YP servers regarding information about its employees. »
Such personal information as names, emails, residential addresses, emergency contact details, salaries, dates of birth, work visas and social insurance numbers are among the data that may have leaked, warned Franco Sciannamblo in this letter.
The company does not explain why it took more than a month to inform its employees and ex-employees of the threat to their personal data.
An arrangement has been made to provide individuals with a two-year subscription to TransUnion’s myTrueIdentity credit monitoring service.
“YP places great importance on the protection of personal information and we regret that such an incident has occurred,” the letter also read.