Yellow Pages Canada

Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack.

Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend.

Founded in 1908, the Yellow Pages Group today owns and operates the YP.ca and YellowPages.ca websites, along with Canada411 online service.

Threat actors stole customer and employee data

Granted, directory services like Yellow Pages largely collect and provide public data, that does not imply they possess no personal or private corporate data.

Last week, threat intel analyst Dominic Alvieri spotted Black Basta ransomware gang sharing information about Yellow Pages Group on its data leak website:

Black Basta posts Yellow Pages Canada
Black Basta posts Yellow Pages Canada (BleepingComputer)

BleepingComputer analyzed Black Basta's online post and can confirm the ransomware group has leaked a sample of sensitive documents exposing personal information. These include and are not limited to:

  • ID documents (such as scans of passports and driver licenses) exposing people's date of birth and address
  • Tax documents—exposing Social Insurance Number (SIN)
  • Sales and purchase agreements
  • 'Accounts Receivable' spreadsheet dated February 28, 2023
  • Budget and debt forecast dated December 2022

"Yellow Pages was recently the victim of a cyber attack," Franco Sciannamblo, YP's Senior Vice President Chief Financial Officer confirmed in a statement to BleepingComputer.

"As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cyber security experts to contain the incident and ensure that we had secured our systems."

"Based on our investigation to date, we have reason to believe that the unauthorized third party stole certain personal information from servers containing YP employee data and limited data relating to our business customers."

"We have been notifying impacted individuals and reporting to all appropriate privacy regulatory authorities regarding this incident. Substantially all of our services have now been restored."

Based on the dates present on the few leaked documents seen by BleepingComputer—specifically most recent ones, it appears the cyber attack occurred on or after March 15th, 2023.

Earlier this month, Black Basta had claimed responsibility for cyber attack on Capita, a UK-based professional outsourcing provider. The extortion group threatened to sell stolen data to interested buyers unless Capita paid the ransom.

Last year, Black Basta had hacked Canadian food retail giant Sobeys causing IT issues and point-of-sale (POS) kiosks to malfunction.

The ransomware group has quickly catapulted into action over the past year, sometimes posting multiple high profile victims at once on its data leak portal. Cybersecurity analysts have theorized Black Basta to be a rebrand of Conti ransomware gang based on its negotiation tactics. 

Related Articles:

The Week in Ransomware - May 12th 2023 - New Gangs Emerge

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

AutoCanada says ransomware attack "may" impact employee data

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

Attacks on Citrix NetScaler systems linked to ransomware actor