A cybersecurity incident that affected certain Saskatchewan Liquor and Gaming Authority (SLGA) computer systems and applications on Christmas Day has taken a new turn.
A group that says they are responsible for the data hack that targeted SLGA shared that it has possession of over 1.2 terabytes of uploaded confidential information following the incident.
This includes employee data, client contracts and non-disclosure agreements.
An email was sent to Global News by someone under the name Dr. Clement Goyette who provided some details on the matter and referenced a news release that the provincial government released on the incident.
“We remind you that (government’s website) published a news item on December 25, 2021, which states ‘SLGA is committed to data safety, is taking the matter very seriously and asks its employees, customers and partners for their patience as it seeks to remediate the situation’ — which is an absolute lie,” the person typed in the opening line of the email.
“We intend to refute this false news in the near future.”
Startling discovery
Manmohan Minhas, the president and CEO of Minhas Sask, which states on the company’s website that it’s the largest distillery, winery and brewery in Saskatchewan’s history, said he knew about the breach back in December.
However he recently found out his company’s personal financial information was part of the SLGA security breach at the hands of the hackers demanding a ransom from the province.
Minhas added that he did not realize the hackers had actually obtained a document which displayed their corporate credit card number, the card’s expiry date and security code.
The document also showed Minhas’s signature.
“I was quite surprised and stunned that my credit card is out there,” said Minhas.
“My suggestion to them is that they should use their God-given talent to do the legal stuff and they will be lot more successful.”
He noted that there were no illegal or unusual charges posted on their credit cards. Minhas said the card, which had its information displayed on the document brought to his attention, expired in February, but there were no unauthorized charges to it.
Based on the amount of data that was taken, Minhas believes the hackers gathered data which included sales and pricing.
“It doesn’t bother me to be truthful because I try to not let too many things bother me,” he explained. “I’m not too worried about my sales data getting into the hands of my competition. What are they going to do about it? I’m not worried about it.”
Minhas shared that no one from SLGA has been in touch with him to let him know of the situation.
Jim Reiter, the minister responsible for SLGA, said the authority has been working with the privacy commissioner on this front due to the amount of people impacted by the situation.
When asked why suppliers weren’t notified by SLGA, he explained that the privacy commissioner’s office felt comfortable with what they refer to as “indirect notifications,” which included the news release issued and posted on the government’s website.
The minister said they have been keeping suppliers notified on operational updates. He believes there have been about five or six notices sent out to all SLGA suppliers referring to the data hack.
“I think they felt like it stands to reason that they are not sure what information was taken,” Reiter stated.
Reiter admitted they are not certain what the group of hackers will do next or what information they have in their possession.
He said they are relying on the privacy commissioner to warn as many people and provide as much disclosure as possible.
“This is not a whistleblower, this is a criminal,” the minister said. “This is part of a group that stole private information and is trying to get a ransom out of it.”
Reiter’s understanding is that the Saskatchewan government has never negotiated a ransom with hackers in the past.
He added that SLGA is largely operational now and anything that potentially is not back to 100 per cent will be in the next while.
Opportunity to learn from challenges
Cybersecurity expert Brennen Schmidt suggested that this type of event is just going to show that it’s something that will not be going away and something that the province will have to pay close attention to going forward.
Schmidt said there is a lot of talk now about the adoption of broadband, which he called great news. However, he mentioned that it will become increasingly important for governments, municipalities, the private sector and stakeholders to prepare for these types of events as we start shifting towards digital services.
“If we don’t have any sort of coordination, you can see at worst an event where there could be life safety put at risk, especially if we’re talking about critical infrastructure or anything related to health care,” Schmidt said.
Schmidt recommended that this is a demonstration for a need to convene a panel on critical infrastructure and cybersecurity in order to educate representatives from across public, private and non-profit sectors regarding cybersecurity threats.
He said this is a problem that is not going away soon.
“Threat actors are going to do whatever they can with the resources that they have in order to meet their objectives. The best thing that can happen, though, is to flip that around and make sure that you’re not falling victim to that.”