Big White issues data breach alert
Big White issues data breach alert
David Wylie Dec 20, 2021
Facebook
Twitter
Email
Facebook
Twitter
Email
Print
Save
A potential data breach due to possible malware on Big White’s servers has prompted an alert from the resort’s CEO.
In an email sent Monday to all vendors and suppliers to Big White, including the resort’s utilities, president and CEO of Big White Peter Plimmer said the company’s servers experienced “an unauthorized intrusion” sometime before Sept. 10.
Data accessed nefariously may include personal and business information, such as names, addresses, banking info, electronic funds transfer arrangements, and CRA business numbers.
“Although we are not aware of any actual misuse of your personal and/or business information, we are providing notice to you and other potentially affected parties about the incident, and about steps you can take to protect yourself against possible identity theft or fraud,” said Plimmer.
The resort has not been able to determine exactly when the unauthorized intrusion happened, but its technical incident response team said they believe it was likely during the first half of 2021.
“The intruder or intruders appear to have placed malware on our servers and, by doing so, may have gained access to certain personal data stored on those servers, including the personal information and banking data associated with your vendor/supplier account with us,” said Plimmer.
Affected servers have been disconnected and removed from service, and all data has been moved to new servers.
The resort has not been able to establish what, if any, information and banking data has been accessed or copied.
Plimmer said the resort has been working with a cybersecurity provider and will be contacting and offering cooperation to appropriate law enforcement.
The resort advised its vendors and suppliers to monitor bank statements and report any suspicious activity to relevant financial institutions.
“We also recommend that you remain vigilant for any suspicious emails seeking additional personal or banking information from you,” said Plimmer.
Cyber and ransomware attacks have been causing alarm all over the world.
The federal government, government of Quebec and Canada Revenue Agency temporarily suspended websites as a precaution after the Canadian Centre for Cyber Security issued an alert Dec. 10 about a recently discovered software vulnerability in a Java-based library of an Apache product known as Log4j.
Experts described the software flaw as akin to “leaving the back door open” in that it could give cyber criminals access to the thousands of organizations that use the open-source logging library.
While it’s up to companies and organizations to fix flaws that exist within their own systems, experts say Canadians should be doubly cautious when doing anything online. That means not clicking on suspicious links, being wary of emails from unknown sources, and monitoring their bank balances and credit card statements for unusual activity.
“All we can really do is keep being alert and doing all the things we should already be doing, but that not nearly enough of us are doing,” Arnold said.
"Change your passwords, go in and put in two-factor authentication in your systems,” Bhatia said.
David Wylie Dec 20, 2021
Save
A potential data breach due to possible malware on Big White’s servers has prompted an alert from the resort’s CEO.
In an email sent Monday to all vendors and suppliers to Big White, including the resort’s utilities, president and CEO of Big White Peter Plimmer said the company’s servers experienced “an unauthorized intrusion” sometime before Sept. 10.
Data accessed nefariously may include personal and business information, such as names, addresses, banking info, electronic funds transfer arrangements, and CRA business numbers.
“Although we are not aware of any actual misuse of your personal and/or business information, we are providing notice to you and other potentially affected parties about the incident, and about steps you can take to protect yourself against possible identity theft or fraud,” said Plimmer.
The resort has not been able to determine exactly when the unauthorized intrusion happened, but its technical incident response team said they believe it was likely during the first half of 2021.
“The intruder or intruders appear to have placed malware on our servers and, by doing so, may have gained access to certain personal data stored on those servers, including the personal information and banking data associated with your vendor/supplier account with us,” said Plimmer.
Affected servers have been disconnected and removed from service, and all data has been moved to new servers.
The resort has not been able to establish what, if any, information and banking data has been accessed or copied.
Plimmer said the resort has been working with a cybersecurity provider and will be contacting and offering cooperation to appropriate law enforcement.
The resort advised its vendors and suppliers to monitor bank statements and report any suspicious activity to relevant financial institutions.
“We also recommend that you remain vigilant for any suspicious emails seeking additional personal or banking information from you,” said Plimmer.
Cyber and ransomware attacks have been causing alarm all over the world.
The federal government, government of Quebec and Canada Revenue Agency temporarily suspended websites as a precaution after the Canadian Centre for Cyber Security issued an alert Dec. 10 about a recently discovered software vulnerability in a Java-based library of an Apache product known as Log4j.
Experts described the software flaw as akin to “leaving the back door open” in that it could give cyber criminals access to the thousands of organizations that use the open-source logging library.
While it’s up to companies and organizations to fix flaws that exist within their own systems, experts say Canadians should be doubly cautious when doing anything online. That means not clicking on suspicious links, being wary of emails from unknown sources, and monitoring their bank balances and credit card statements for unusual activity.
“All we can really do is keep being alert and doing all the things we should already be doing, but that not nearly enough of us are doing,” Arnold said.
"Change your passwords, go in and put in two-factor authentication in your systems,” Bhatia said.
