Australian job seekers caught in Drake's $US50k hacker ransom standoff

Hackers have demanded $US50,000 from recruitment firm Drake International to prevent them from publishing a database they claim contains personal information about 300,000 Australian, New Zealand, British and Canadian job seekers.

Using the Twitter account @RexMundi_Anon, the hackers on Wednesday linked to their demand on Pastebin, where they make a claim to have breached a server at the recruitment firm’s Canadian operations last week.

“We gained access to over 300,000 confidential job applicant records, in addition to data related to the company's clients. The data stored inside the website's database relates to candidates located in Australia, New Zealand, the UK and Canada,” they said.

The hackers are threatening to publish the stolen database unless Drake International paid the group $50,000 by the end of this week. They posted the threat after claiming Drake had not responded to their demand and released details of one candidate each from Australia, New Zealand, and Canada to prove they were in possession of the database.

A payment however looks unlikely to happen after Canadian Drake executive Tony Scala, who confirmed the breach on Wednesday to the Financial Post, said it “won’t be blackmailed” and will not negotiate with the hackers.

A log of Drake’s complaint with the Toronto Police Service notes that Drake and its agencies around the world had agreed on not paying the group, according to Databreaches.net.

Drake was cooperating with authorities to ensure the details would be “protected as best they can be”, said Scala, adding that the company intends to contact affected candidates by email.

It’s not known how many Australian candidates’ records were in the stolen database. CSO Australia is waiting for a response from Drake Australia.

Drake’s Scala said the stolen database was “old” and that the breach was “limited in scope”.

Drake has operations in nine countries.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags hackersDrake Internationalprivacy

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.