Breached?

Report an incident

Question?

Contact us now

Blog

Government & Not for Profit | Security & Law Enforcement | October 24, 2018

Federation of Sovereign Indigenous Nations pays hacker $20K in bitcoin after breach

Robert Beggs
Excerpt: The hacker gained control of the FSIN's internal files and email system, holding it ransom. A wide range of data was taken. It included files on residential school survivors, youth athletes and their coaches, internal land claims and a host of other topics. The social insurance numbers, treaty card numbers and health claims of staff and the executive were also accessed. The hack went undetected for an undetermined amount of time. In May, an FSIN staff member got an email from the hacker demanding a ransom of more than $100,000. The FSIN treasury board and its audit committee, made up of chiefs and others from across the province, met to discuss the situation. Some wanted an immediate notice sent to all of the employees, parents, companies and others affected. They said police should be called and a public statement issued. None of that happened. They also told FSIN staff and executive not to pay the hacker. They said the hacker might accept the money and then keep the data on file anyway. However, in the days following the treasury board meeting, quiet negotiations with the hacker continued. Someone at the FSIN eventually authorized and paid the hacker more than $20,000 worth of bitcoin, a "cryptocurrency" used as a method of payment online.