Hacked Aurora Cannabis data – including copies of passports, driver licenses, and credit card information – appears to be for sale on an online marketplace following a Christmas Day intrusion into the company’s Microsoft Cloud software, Yahoo Finance reports.
The breach was first reported by MJBizDaily who said employees indicated that home and banking information for both current and former employees were also unveiled.
Aurora spokeswoman Michelle Lefler confirmed the incident to MJBizDaily and explained that the Canadian company “immediately took steps to mitigate the incident, [and] is actively consulting with security experts and cooperating with authorities.”
“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.” — Lefler in a statement via MJBizDaily.
The post attempting to sell the data – for one Bitcoin which is currently worth about $34,000 – includes 11 “proof of concept” sample images, including a passport apparently belonging to Chief Information Officer Darryl Vleeming and a driver’s license allegedly belonging to Amy Lamoureux, a supply chain manager.
The hacker selling the data told BleepingComputer that there is 50GB of data in all and that they still have access to Aurora’s networks. The hacker said they contacted the company but “all them ignore this breach (sic)” and that a ransom was demanded but the hacker said, “all employs (sic) ignored me.”
Office of the Privacy Commissioner of Canada Senior Communications Advisor Vito Pilieci said the agency was notified of the hack on December 31 and has been working with the company on gathering information to determine the next steps.