Yellow Pages Canada Suffered a Cyberattack
Leaked Documents Include IDs, Tax Documents, Sales and Purchase Agreements, and More.
Yellow Pages Group, a Canadian entity that specializes in directory publishing, has officially confirmed that it has fallen victim to a cyberattack.
Black Basta, a group known for spreading ransomware and engaging in extortion, has taken credit for the attack and, over the course of the weekend, has published sensitive documents and data.
Yellow Pages Group (Groupe Pages Jaunes en français) is a Canadian publisher of directories established in 1908. In Québec, Ontario, Manitoba, Alberta, British Columbia, the Territories, and Atlantic Canada, YPG is the incumbent directory publisher.
Yellow Pages Group currently owns and operates the websites YP.ca and YellowPages.ca, in addition to the online service Canada411.
Threat Actors Stole Data from Clients and Employees
While services like the Yellow Pages do provide a lot of publicly available information, that doesn’t mean they don’t also have access to sensitive company data or private customer information.
Last week, threat intelligence analyst Dominic Alvieri noticed that the Black Basta ransomware gang was sharing information about Yellow Pages Group on its data leak website:
BleepingComputer analyzed the online post by Black Basta and found that the ransomware group has released a sample of documents containing personal information. These may include, but are not necessarily limited to:
- ID documents (such as scans of passports and driver licenses) exposing people’s date of birth and address
- Tax documents—exposing Social Insurance Number (SIN)
- Sales and purchase agreements
- ‘Accounts Receivable’ spreadsheet dated February 28, 2023
- Budget and debt forecast dated December 2022.
According to a statement given to BleepingComputer by YP’s Senior Vice President and Chief Financial Officer, Franco Sciannamblo, “Yellow Pages was recently the victim of a cyber attack.”
As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cyber security experts to contain the incident and ensure that we had secured our systems.
Based on our investigation to date, we have reason to believe that the unauthorized third party stole certain personal information from servers containing YP employee data and limited data relating to our business customers.
The company has been informing affected parties and reporting to relevant privacy regulatory authorities. Almost all of their services are back up and running at this point.
The cyber attack likely occurred on or after March 15th, 2023, as evidenced by the dates on the few leaked documents analyzed by the publication, particularly the most recent ones.
The ransomware group has been active over the past year, occasionally posting multiple victims on its data leak portal. Some cybersecurity analysts have suggested that Black Basta may be related to the Conti ransomware gang due to similarities in their negotiation tactics.