Cyber Security Incident April 19

On April 19 the Co-op was contacted by a “security researcher” (hacker) attempting to extort payment for data they had exfiltrated from our servers, and threatening to release that data publicly if we did not pay.

Upon examination of the evidence offered, we realized that they had indeed accessed log file data from a new logging server the Co-op had just implemented on our new cloud hosting infrastructure. That log server had minimal data for a single service, our email server. We determined that NO passwords nor any content of emails (neither subject lines nor message contents) were stolen. The limit of the privacy breach was the fact that this log file does show that email account X sent an email to email account Y. Regardless of any limitations on data breached, we regret this breach happening at all. 

Immediately upon discovery, we determined how this attacker obtained this data and fixed that issue and ensured that no further access had been obtained. We also notified members who use the Co-op’s email service of the incident and are reaching out to individual services that used the mail server as part of the service.

Our best estimation is that the main potential use of the stolen data could be to assist with future spear-phishing attacks, as the logs show evidence that one email address emailed another. Spear–phishing often exploits known existing relationships, with an attacked pretending to be a person who you would normally communicate with. This risk is ALWAYS present, with or without data breaches like the one we experienced. All Co-op members should review the anti-phishing/malware advisories shared within their own organizations. An example of such advice can be found at the Government of Canada’s Cybersecurity Guidance pages at https://www.cyber.gc.ca/en/guidance/dont-take-bait-recognize-and-avoid-phishing-attacks. Reviewing such documents and following the practices therein can help you avoid this vector of attack within your own organization.