Canada-based directory publisher Yellow Pages Group has been the recent victim of the Black Basta ransomware group, wherein private documents and data were published on the hacker group's data leak website.
Yellow Pages Data Leaked
While the directory holds data that can be accessed by anyone publicly, it also had information that can be used for malicious activity if it gets into the wrong hands. Yellow Pages have already confirmed that it had suffered a cyberattack where personal data was stolen by threat actors.
Black Basta, slowly becoming a more notorious extortion group, has claimed responsibility for the breach. Intel analyst Dominic Alvieri found information about the Yellow Pages Group shared by the mentioned ransomware gang on its data leak website.
According to Bleeping Computer, the private information shared includes ID documents showing date of birth and addresses, tax documents revealing Social Insurance Numbers, sales and purchase agreements, budget and debt forecast in December 2022, and more.
Yellow Pages Senior Vice President CFO stated that they immediately launched an investigation into the issue with the help of external cybersecurity experts as soon as the attack was detected. The publisher aims to contain the threat and secure its systems.
The investigation shows that the threat actors have acquired personal information from servers that affect both Yellow Pages employee data and customer data. The owners of the stolen data had already been notified as well as the appropriate authorities.
Based on the latest report, almost all Yellow Pages services have been restored. There is no additional information about the demands of the Black Basta ransomware group so far aside from the publicized data on the hacker group's website.
Incidents Involving Black Basta
The ransomware extortion group has been active as of late, with its last victim, Capita, attacked just last month. The outsourcing company first saw the attack as an IT issue, which they eventually determine was a cyberattack.
Capita claims that it had detected the threat early enough that only around 4% of the company's server estate was breached. The outage caused by the cyberattack affected its access to Microsoft Office 365 applications, but it has since been restored by Capita's technical partners.
The data stolen included passport and driver's license scans, payment details, floor plans for several buildings, employment screenings, and employment offer information, as mentioned in Security Week. Reports say that the attack may have been possible due to a Qakbot email.
The post from Black Basta on its data leak website has already been taken down, which means that Capita either paid the ransom, renegotiated, or managed to counter the hacker group's attack. The company did not reveal further information.
It was also said that the company tried to downplay the severity of the security breach to both the public and its investors, and only revealed the actual extent of it after a cybersecurity researcher, Kevin Beaumont said that it will release a blog about the cyber incident.
The last attack it conducted last year was the retail giant Sobeys based in Canada, wherein the ransomware group caused IT issues. It also affected the point-of-sale kiosks of the retailer, resulting in their malfunctioning.