Data stolen from the Collège Montmorency is sold on the dark web by hackers who threaten to release it.
• Also read – Cyber attack on the Collège Montmorency: personal data was compromised
“Cyber attack on the Collège Montmorency […] Management must contact us immediately if they want to prevent the full data from being published on our blog,” cybercriminal group AvosLocker writes in English on a page of the underground web.
Although not explicit in its threat, this group, which is closely watched by the FBI, usually demands a ransom from the organizations it hacks.
On May 19, Cégep announced that it had been the target of a cyber attack. Police departments and the Quebec government notified him earlier this week about the sale of data on the internet, the facility said via email yesterday.
To prove its credibility, hackers on the dark web have made a sample of 15 files available for free download. It also seems possible to contact the criminals if you want to buy all the data.
The QMI agency could see the sample data. It includes, among other things, communication between employees, plans and invoices. Accessible items include an employee’s cell phone number, email address, and a supplier’s signature.
It has not been disclosed how sensitive the stolen files are, which by our conservative estimates could number in the tens of thousands.
Still, “certain personal information on the college’s computer servers may have been compromised,” confirmed Marilyn Doucet, spokeswoman for the college.
In a sign that the risk is real, Cégep has even offered credit file protection to its community.
Mme Doucet refuses to say if the college plans to pay any possible ransom.
“This aspect of the file is highly confidential and represents one of the critical elements of the police investigation,” she wrote. However, a specialized company commissioned by Cégep is in contact with the criminal group, she confirms.
According to computer expert Éric Parent, the university administration faces a delicate dilemma: Should a ransom be paid?
“It always depends on the requested quantity. If we ask for $25,000 I would say pay and buy peace. What is certain, however, is that you have just contributed to the enrichment of criminals.
In theory, a payment should stop hackers from releasing the data, the CEO of EVA Technologies believes.
A concerned student
A Collège Montmorency graduate whose schoolwork ended up in a sample of 15 files released by hackers fears his personal information will end up in the hands of criminals.
“I don’t mind schoolwork, but if we’re going to talk about personal information, then yes, I’m concerned […] Do hackers also have my personal folder with all my information? [sensibles]like my social security number?” said Jean-Michel Lemieux, a qualified dietitian, in an interview with the agency QMI.
“I don’t have an answer to that question, and I don’t think I understand it,” he says. I find it a bit confusing.”
If he had received emails from the college updating him on the general situation, it was the QMI agency that informed him that one of his works was among the samples on the dark web.
The institution ensures via e-mail that it does everything possible to inform and protect the persons concerned.
“Based on information available to the college, credit file coverage has been offered at the college’s expense to anyone who may have been affected,” spokeswoman Marilyn Doucet said.
– In collaboration with Philippe Langlois