Ganjapreneur.com

Aurora Hacker Posts Data for Sale, Says Ransom Request Was Ignored

Hand of a man using laptop computer for hacking or steal data at night in office. Hacking concept

The hacker behind a Christmas Day intrusion into the Microsoft Cloud software of Aurora Cannabis appears to be trying to sell the company’s data on an online marketplace.

Full story continued below.

Advertisement

Advertise Here

Hacked Aurora Cannabis data – including copies of passports, driver licenses, and credit card information – appears to be for sale on an online marketplace following a Christmas Day intrusion into the company’s Microsoft Cloud software, Yahoo Finance reports.

The breach was first reported by MJBizDaily who said employees indicated that home and banking information for both current and former employees were also unveiled.

Aurora spokeswoman Michelle Lefler confirmed the incident to MJBizDaily and explained that the Canadian company “immediately took steps to mitigate the incident, [and] is actively consulting with security experts and cooperating with authorities.”

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.” — Lefler in a statement via MJBizDaily.

The post attempting to sell the data – for one Bitcoin which is currently worth about $34,000 – includes 11 “proof of concept” sample images, including a passport apparently belonging to Chief Information Officer Darryl Vleeming and a driver’s license allegedly belonging to Amy Lamoureux, a supply chain manager.

The hacker’s forum post, attempting to sell the stolen data. Image credit: BleepingComputer.com

The hacker selling the data told BleepingComputer that there is 50GB of data in all and that they still have access to Aurora’s networks. The hacker said they contacted the company but “all them ignore this breach (sic)” and that a ransom was demanded but the hacker said, “all employs (sic) ignored me.”

Office of the Privacy Commissioner of Canada Senior Communications Advisor Vito Pilieci said the agency was notified of the hack on December 31 and has been working with the company on gathering information to determine the next steps.

[mashshare]

Get daily news insights in your inbox. Subscribe

End


Exit mobile version