Yellow Pages Canada confirms cyberattack by Black Basta ransomware group

Canadian directory publisher, Yellow Pages Group, has confirmed that it was hit by a cyber attack. The Black Basta ransomware and extortion gang has claimed responsibility for the attack and has posted sensitive documents and data over the weekend.

Founded in 1908, the Yellow Pages Group owns and operates the YP.ca and YellowPages.ca websites, along with Canada411 online service.

Yellow Pages Group Confirms Data Breach Threat actors stole customer and employee data from the company. While directory services like Yellow Pages mainly collect and provide public data, it does not mean they do not have any personal or private corporate data.

Last week, threat intel analyst Dominic Alvieri spotted Black Basta ransomware gang sharing information about Yellow Pages Group on its data leak website.

After looking into Black Basta’s online post and confirmed that the ransomware group had leaked a sample of sensitive documents exposing personal information, such as ID documents (such as scans of passports and driver licenses) exposing people’s date of birth and address, tax documents—exposing Social Insurance Number (SIN), sales and purchase agreements, and other sensitive information.

Yellow Pages Group Initiates Investigation

Franco Sciannamblo, YP’s Senior Vice President Chief Financial Officer, confirmed that “Yellow Pages was recently the victim of a cyber attack.”

He further added that the company has immediately commenced a thorough investigation into the issue with the assistance of external cybersecurity experts to contain the incident and ensure that they had secured their systems.

Based on the dates present on the few leaked documents, it appears that the cyber attack occurred on or after March 15th, 2023.

Black Basta Ransomware Gang in Action

Earlier this month, Black Basta claimed responsibility for the cyber attack on Capita, a UK-based professional outsourcing provider, and threatened to sell stolen data to interested buyers unless Capita paid the ransom.

Last year, Black Basta had hacked Canadian food retail giant Sobeys causing IT issues and point-of-sale (POS) kiosks to malfunction.

Cybersecurity analysts have theorized Black Basta to be a rebrand of Conti ransomware gang based on its negotiation tactics.

The ransomware group has quickly catapulted into action over the past year, sometimes posting multiple high-profile victims at once on its data leak portal.