Australian job seekers caught in Drake's $US50k hacker ransom standoff

  • Liam Tung (CSO Online)
  • — 11 January, 2013 11:16

Hackers have demanded $US50,000 from recruitment firm Drake International to prevent them from publishing a database they claim contains personal information about 300,000 Australian, New Zealand, British and Canadian job seekers.

Using the Twitter account @RexMundi_Anon, the hackers on Wednesday linked to their demand on Pastebin, where they make a claim to have breached a server at the recruitment firm’s Canadian operations last week.

“We gained access to over 300,000 confidential job applicant records, in addition to data related to the company's clients. The data stored inside the website's database relates to candidates located in Australia, New Zealand, the UK and Canada,” they said.

The hackers are threatening to publish the stolen database unless Drake International paid the group $50,000 by the end of this week. They posted the threat after claiming Drake had not responded to their demand and released details of one candidate each from Australia, New Zealand, and Canada to prove they were in possession of the database.

A payment however looks unlikely to happen after Canadian Drake executive Tony Scala, who confirmed the breach on Wednesday to the Financial Post, said it “won’t be blackmailed” and will not negotiate with the hackers.

A log of Drake’s complaint with the Toronto Police Service notes that Drake and its agencies around the world had agreed on not paying the group, according to Databreaches.net.

Drake was cooperating with authorities to ensure the details would be “protected as best they can be”, said Scala, adding that the company intends to contact affected candidates by email.

It’s not known how many Australian candidates’ records were in the stolen database. CSO Australia is waiting for a response from Drake Australia.

Drake’s Scala said the stolen database was “old” and that the breach was “limited in scope”.

Drake has operations in nine countries.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags: hackers, Drake International, privacy

Even the most secure cloud storage may not be so secure, study finds

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

SECURE Email Gateway

Clearswift SECURE Email Gateway is an effective and resilient email gateway for 50 to 50,000 users.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.