The association representing Canada’s small business has admitted that someone recently stole its prospect database and put it up for sale.
Dan Kelly, CEO of the Federation of Independent Businesses of Canada, said Thursday that the database was “mostly outdated information” and not the main database for the association’s estimated 97,000 members.
Still, the database has fields for name, address, email address, and mobile phone number, enough information for a phishing campaign, according to a post on the crime marketplace. Kelly did not disclose how many names were in the stolen database.
Kelly said the federation was unaware of the data breach until it was contacted by: IT World Canada thursday morning. We were informed by a cybersecurity researcher who discovered that the database was offered on the criminal market.
The post is dated December 29, 2022, suggesting the files were stolen on that date. The data format is CSV, and the number of records is 972,235.
“It looks like prospect data, not member data,” Kelly said in an interview.
The database looks like a list of leads compiled for federal sales staff knocking on doors to pitch merchants, he said. “It’s mostly old information,” he said.
It said, “Most of the information is list-leading for companies. It’s something.”
Some companies in the database may no longer exist, he added.
“We are investigating further just to make sure nothing is wrong. [personal] Everyone will be worried there.
It’s not clear how the data was copied. It looks like the file was kept in a Microsoft Power BI database. “I think we have 1679003217 We’ve closed all the loopholes in the application,” Kelly said.
In December, the Commonwealth launched an online cybersecurity training program for small businesses in Canada.