Rogers Communications Inc. says that a security breach it attributes to “human error” resulted in outsiders gaining access to information associated with as many as 70 business accounts

Fred Lum/The Globe and Mail

Rogers Communications Inc. says that a security breach it is attributing to "human error" has resulted in outsiders gaining access to information associated with dozens of its medium-size business accounts.

The intruders appear to have used a technique known as "social engineering" – which relies on manipulating people into volunteering confidential information – to trick an IT support agent into handing over an employee's confidential details that were then used to gain access to Rogers's internal records.

Patricia Trott, a spokeswoman for the Toronto-based Internet and phone provider, said a "third party" accessed a "single e-mail address of one of our enterprise sales employees, who managed a small number of medium business accounts."

The breach occurred last week, she said in a statement Monday, and was due to "human error (not system error)."

Late Sunday afternoon, an anonymous Twitter user using the handle @TeamHans_ posted a link to a zip file containing copies of dozens of contracts for telecommunications services, as well as e-mail correspondence from the Rogers sales employee.

The contracts appear to relate to between 50 and 70 medium-sized businesses that were part of the portfolio managed by the employee whose e-mail account was accessed. The contracts do not appear to contain payment or password information, but they do indicate the number of data or phone lines purchased as well as the amount spent by the business customers.

"The third party was able to access a small number of business agreements managed by this employee. The agreements include the business name, business address, business phone number and pricing details. They do not contain personal or financial information," Ms. Trott said in the statement. "The third party did not have access to any information on our retail customers (consumer accounts).

"As soon as we discovered the situation, we took all the necessary steps to secure our systems," she said, adding that the company is "working with the police" and has contacted the affected customers, which were in the Greater Toronto Area.

"As a precaution, we've put additional security procedures in place for our business customers. We take the privacy and security of our customers' information very seriously and we will continue to review our policies and procedures."

A report last week from Silicon Valley security firm FireEye Inc. outlined how corporations are often unprepared to counter data breaches.

As in the case of the Rogers breach, the report found that organizations are often vulnerable to mistakes by their own people. More than three-quarters of "phishing" e-mails – messages meant to fool recipients into sharing passwords and login information to access protected servers – came from hackers impersonating the company's information technology department or suppliers of anti-virus software in 2014, almost double the level the previous year, the report said.

Stu Sjouwerman, chief executive of Florida-based security awareness training company KnowBe4 LLC, said hackers tend to target users because they are seen as a weak link: "They're the low-hanging fruit."

"But users can be trained," he added. "Users are smart, they're just not trained in IT. If you appeal to their common sense and you explain to them that the Web really is the Wild West … they see the light."

The website Databreaches.net first reported the breach on Sunday evening. The website said it conducted an interview with the individuals behind the @TeamHans_ Twitter account, who explained how they called Rogers IT support and convinced the agent to give them the sales employee's details.

According to the Databreaches story, those behind @TeamHans_ – who claim to reside outside Canada – said they demanded Rogers give them 70 bitcoins in exchange for not revealing the breach or sharing the information publicly.

The demand for the virtual currency is also revealed in one of the e-mails disclosed in the data dump, which outlines the steps Rogers was taking to address the breach of the employee's account and an apparent threat to him and his family. The intruders told Databreaches they did not make such a threat.

"You have certain cybergangs that focus on this," Mr. Sjouwerman said of the type of scam seen in the Rogers breach. "You also have small, almost petty criminals, petty hackers, who do this for a living. Basically extortion on the Internet."

He noted that at the present price of about $273 (U.S.) per bitcoin, if Rogers had acceded to the demand, it would have been a "quick $19,000" for a few days' work.

The Rogers breach appears to have relied on gaining the trust of a help-desk employee – a decades-old tactic that "apparently still works," Mr. Sjouwerman said.

But he added that software-based "ransomware" scams are done on a far larger scale. In those cases, hackers typically entice users to click on a link that enables the hackers to encrypt computer files on the user's system and charge a "ransom" to restore access.
