The CBC's more than 20,000 of its past, present, and contract employees personal and financial information were at risk after a break-in and the theft of computer equipment.
An intruder broke into a secure area of CBC/Radio-Canada & stole a piece of computer equipment.
The stolen equipment contains electronic files, including some financial information.
A letter has been sent to the home addresses of all employees detailing the information that has been put at risk including names, bank accounts, and amounts deposited into bank accounts by CBC.
CBC has budgeted $300,000 to cover the cost of notifying those affected by the breach and providing employees with a year's worth of credit monitoring and insurance against identity theft.
Source: https://www.cbc.ca/news/politics/cbc-privacy-breach-insurance-1.4665909
TPRM report: https://scoringcyber.rankiteo.com/company/cbc
"id": "cbc12317722",
"linkid": "cbc",
"type": "Breach",
"date": "05/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Media and Broadcasting',
'location': 'Canada',
'name': 'CBC/Radio-Canada',
'size': 'Large',
'type': 'Media Organization'}],
'attack_vector': 'Physical Theft',
'data_breach': {'file_types_exposed': 'Electronic Files',
'number_of_records_exposed': '20,000',
'personally_identifiable_information': ['Names',
'Bank Accounts',
'Amounts Deposited'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information']},
'description': 'An intruder broke into a secure area of CBC/Radio-Canada and '
'stole a piece of computer equipment containing personal and '
'financial information of more than 20,000 past, present, and '
'contract employees.',
'impact': {'data_compromised': ['Personal Information',
'Financial Information'],
'financial_loss': '$300,000',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Physical Access'},
'motivation': 'Theft of Data',
'post_incident_analysis': {'root_causes': 'Inadequate Physical Security'},
'response': {'communication_strategy': ['Letter to Employees'],
'remediation_measures': ['Credit Monitoring',
'Identity Theft Insurance']},
'threat_actor': 'Intruder',
'title': 'CBC Data Breach via Equipment Theft',
'type': 'Data Breach',
'vulnerability_exploited': 'Physical Security'}