An employee from a company that operates a well-traveled toll road in southern Ontario, 407 Express Toll Route had been charged in a major breach of customer data.
The employee used a company computer to access and compile a list of names, addresses, and phone numbers of 60,000 customers in specific areas.
He is charged with mischief to data and unauthorized use of a computer.
The investigation began in May 2018 after the toll route operator reported a breach
TPRM report: https://scoringcyber.rankiteo.com/company/407etr
"id": "407214516123",
"linkid": "407etr",
"type": "Breach",
"date": "05/2018",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '60,000',
'industry': 'Transportation',
'location': 'Southern Ontario',
'name': '407 Express Toll Route',
'type': 'Company'}],
'attack_vector': 'Internal Employee',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '60,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information']},
'date_detected': 'May 2018',
'description': 'An employee from a company that operates a well-traveled toll '
'road in southern Ontario, 407 Express Toll Route had been '
'charged in a major breach of customer data. The employee used '
'a company computer to access and compile a list of names, '
'addresses, and phone numbers of 60,000 customers in specific '
'areas. He is charged with mischief to data and unauthorized '
'use of a computer. The investigation began in May 2018 after '
'the toll route operator reported a breach.',
'impact': {'data_compromised': ['Names', 'Addresses', 'Phone Numbers']},
'initial_access_broker': {'entry_point': 'Internal Employee'},
'investigation_status': 'Investigation began in May 2018',
'motivation': 'Unspecified',
'post_incident_analysis': {'root_causes': 'Unauthorized access by an internal '
'employee'},
'regulatory_compliance': {'legal_actions': 'Employee charged with mischief to '
'data and unauthorized use of a '
'computer'},
'response': {'law_enforcement_notified': True},
'threat_actor': 'Internal Employee',
'title': '407 Express Toll Route Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized Access'}