The organization that stole data from the Saskatchewan Liquor and Gaming Authority (SLGA) in a Christmas Day hack claims it has now sold “the most valuable data” it took. In a post on social media app Telegram, the hackers wrote: “We assume it’s already on the black market.”
They also announced that they made the rest of the data, more than 1TB of documentation, available on the dark web.
CBC has reviewed some of the tens of thousands of newly leaked documents. They appear to encompass every aspect of SLGA’s operations, including gambling, liquor and marijuana regulation.
CBC has reached out to SLGA for comment but has not responded as of publication time.
SLGA officials notified the public of the hack on December 28. At the time, Crown Corporation assured the public that it had “no evidence that the security of customer, employee, or other personal information was compromised.”
Since then it has become clear that the hackers stole data from some SLGA employees and business partners such as suppliers and vendors. In a March 22 post on its website, SLGA warned its business partners that the hackers may have taken their “names, addresses, phone numbers, and in some cases dates of birth, birthplaces, driver’s license numbers, criminal records, certain medical information, financial information, previous information.” Names (e.g. birth or maiden name), physical characteristics.”
Weeks ago, the hackers told CBC via email and phone call that they had stolen SLGA data and locked down the organization’s systems with ransomware. They said they wanted SLGA to pay an undisclosed amount to restore their systems and ensure the stolen data is not made public.
“We have only one option for SLGA – to continue negotiations to resolve this issue and avoid data disclosure,” the hackers wrote.
In a media crum in early April, Jim Reiter, the minister in charge of the SLGA, told CBC there would be no negotiations.
“I don’t want to be in a position where we pay taxpayers’ money to ransom criminals. I mean, what message does that send to the next hacker?” he said.
In their social media post on Tuesday, the hackers shared some of CBC’s stories about the hack, saying this is “what happens to those who try to deny reality by trying to use threats and dirty talk during negotiations.” use tricks”.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told CBC that while the hackers sold data on the black market, they could also be lying.
“It’s also possible that they just say that to set an example for SLGA so that other victims in the future will look back and read what happened with SLGA and think we don’t want to go through that. We’re just going to pay.”