Yellow Pages Group, a Canadian listing writer has confirmed to BleepingComputer that it has been hit by a cyber assault.

Black Basta ransomware and extortion gang claims duty for the assault and has posted delicate paperwork and information over the weekend.

Based in 1908, the Yellow Pages Group right now owns and operates the YP.ca and YellowPages.ca web sites, together with Canada411 on-line service.

Risk actors stole buyer and worker information

Granted, listing providers like Yellow Pages largely gather and supply public information, that doesn’t suggest they possess no private or non-public company information.

Final week, risk intel analyst Dominic Alvieri noticed Black Basta ransomware gang sharing details about Yellow Pages Group on its information leak web site:

BleepingComputer analyzed Black Basta’s on-line submit and might affirm the ransomware group has leaked a pattern of delicate paperwork exposing private info. These embody and are usually not restricted to:

• ID paperwork (reminiscent of scans of passports and driver licenses) exposing folks’s date of delivery and tackle
• Tax paperwork—exposing Social Insurance coverage Quantity (SIN)
• Gross sales and buy agreements
• ‘Accounts Receivable’ spreadsheet dated February, 28 2023
• Funds and debt forecast dated December 2022

“Yellow Pages was lately the sufferer of a cyber assault,” Franco Sciannamblo, YP’s Senior Vice President Chief Monetary Officer confirmed in an announcement to BleepingComputer.

“As quickly as we grew to become conscious of the assault, we instantly commenced a radical investigation into this problem with the help of exterior cyber safety consultants to comprise the incident and be sure that we had secured our methods.”

“Based mostly on our investigation to this point, we’ve cause to consider that the unauthorized third social gathering stole sure private info from servers containing YP worker information and restricted information regarding our enterprise clients.”

“Now we have been notifying impacted people and reporting to all applicable privateness regulatory authorities relating to this incident. Considerably all of our providers have now been restored.”

Based mostly on the dates current on the few leaked paperwork seen by BleepingComputer—particularly most up-to-date ones, it seems the cyber assault occurred on or after March fifteenth, 2023.

Earlier this month, Black Basta had claimed responsibility for cyber assault on Capita, UK-based skilled outsourcing supplier. The extortion group threatened to promote stolen information to consumers except Capita paid the ransom.

Final 12 months, Black Basta had hacked Canadian food retail giant Sobeys inflicting IT points and point-of-sale (POS) kiosks to malfunction.

The ransomware group has shortly catapulted into motion over the previous 12 months, typically posting a number of excessive profile victims without delay on its information leak portal. Cybersecurity analysts have theorized Black Basta to be a rebrand of Conti ransomware gang primarily based on its negotiation techniques.