A company operating apartment buildings in several Alberta communities, including Lethbridge, Medicine Hat and Red Deer had a privacy breach.
Tenants’ personal information was stolen and sold for criminal purposes.
Calgary Police began conducting a criminal investigation concerning the fraudulent use of personal information to apply for credit cards.
It was determined an employee accessed the organization’s server after hours using a personal device.
The information which was stolen included names, birth dates, social insurance numbers, email addresses and signatures.
The documentation was then sold and used to fraudulently purchase credit cards.
It’s believed around 30 people have been directly impacted, but more people could potentially be affected.
TPRM report: https://scoringcyber.rankiteo.com/company/avenue-living-asset-management
"id": "ave231830622",
"linkid": "avenue-living-asset-management",
"type": "Breach",
"date": "05/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 30,
'industry': 'Real Estate',
'location': ['Lethbridge', 'Medicine Hat', 'Red Deer'],
'type': 'Apartment Management Company'}],
'attack_vector': 'Insider Threat',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 30,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information']},
'description': 'A company operating apartment buildings in several Alberta '
'communities, including Lethbridge, Medicine Hat, and Red '
'Deer, experienced a privacy breach where tenants’ personal '
'information was stolen and sold for criminal purposes. An '
'employee accessed the organization’s server after hours using '
'a personal device, stealing information including names, '
'birth dates, social insurance numbers, email addresses, and '
'signatures. The stolen information was used to fraudulently '
'apply for credit cards. Around 30 people have been directly '
'impacted, but more could potentially be affected.',
'impact': {'data_compromised': ['names',
'birth dates',
'social insurance numbers',
'email addresses',
'signatures'],
'identity_theft_risk': 'High',
'systems_affected': 'Organizational Server'},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'Employee Access'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Unauthorized employee access'},
'references': [{'source': 'Calgary Police'}],
'response': {'law_enforcement_notified': True},
'threat_actor': 'Internal Employee',
'title': 'Privacy Breach at Alberta Apartment Management Company',
'type': 'Privacy Breach',
'vulnerability_exploited': 'Unauthorized access to organizational server'}