Rogers Says Hackers Accessed Small Number of Business Accounts

A hacker group called TeamHans has leaked hundreds of megabytes of data allegedly stolen from the systems of Canadian communications and media company Rogers.

According to DataBreaches.net, the attackers leaked sensitive corporate information such as contracts, emails, documents, and even VPN data. TeamHans said it gained access to the information on February 20 after tricking support staff into changing the password for an employee’s email account.

The information found in the targeted employee’s email account led TeamHans to an online tool used by Rogers to manage contracts.

The attackers attempted to blackmail Rogers and asked the company to pay 70 Bitcoins in exchange for not leaking the stolen information.

Contacted by SecurityWeek, Rogers said the attackers gained access to a single email account belonging to an enterprise sales employee.

“A single email address of one of our enterprise sales employees, who managed a small number of medium business accounts, was accessed last week by a third party due to human error. The third party was able to access a small number of business agreements managed by this employee,” Rogers said in an emailed statement.

The agreements accessed by the hackers included business names, business addresses, business phone numbers and pricing details. However, they didn’t contain personal or financial information. The attackers haven’t accessed consumer accounts, Rogers said. 

“As soon as we discovered the situation we took all the necessary steps to secure our systems. We are working with the police and we have been contacting affected business customers,” the company noted. “As a precaution, we’ve put additional security procedures in place for our business customers. We take the privacy and security of our customers’ information very seriously and we will continue to review our policies and procedures.”

This isn’t the first time Rogers employees have fallen victim to social engineering. In March 2014, Canadian Bitcoins accused Rogers staff of facilitating a data breach that resulted in the theft of $100,000 worth of Bitcoins.