An association representing Canadian small and medium-sized businesses has admitted that someone recently stole a database of its prospects and put them up for sale.
Dan Kelly, Chief Executive Officer Canadian Federation of Independent Businesssaid Thursday that the database is “mostly out-of-date information” and is not the main database of the association’s estimated 97,000 members.
Still, according to a posting on a criminal marketplace, the database has fields for names, street addresses, email addresses and mobile phone numbers — enough information for a phishing campaign. Kelly did not say how many names were in the stolen database.
Kelly said the federation did not know about the data leak until it was contacted IT World Canada Thursday morning. A cyber security researcher tipped us off about a database being offered on a criminal marketplace.
The posting listed a date of 29/12/2022, suggesting the file was stolen on that date. The posting says the data format is csv and the number of records is 972,235.
“It looks like its potential data, not subscription data,” Kelly said in an interview. “We are not sure of the exact nature of this … so we are conducting a full investigation.”
The database appears to be a list of leads compiled for sales staff when they knock on doors to sell memberships, he said. “It’s mostly old information,” he said, “very basic information that anyone can find by doing a Google search.”
It’s mostly information that any business has a lead list. Their information is public for the most part… It’s mostly stuff that we’ve either collected from businesses in the past or maybe bought lists of leads .
Some of the businesses in the database may not be around anymore, he said.
“We are probing further to ensure that there is nothing [personal] There that would worry someone.
It is not clear how the data was copied. The file was apparently placed in a Microsoft Power BI database. “We think we have [now] All loopholes are closed ”in the application, Kelly said.
union in december Launched an online cyber security training program Aimed at Canadian small and medium businesses.