A major North Vancouver-based chain of auto body repair garages hopes it will be business as usual this weekend after suffering a cyberattack two weeks ago.
Craftsman Collision chief operating officer Rick Hatswell told theBreaker.news that the company had to shut down computer systems and deal manually with ICBC claims. Someone inadvertently clicked on a malicious email that triggered ransomware which, according to Norton security, locks and encrypts a victim’s computer or device data, then demands ransom to restore access.
Hatswell said the hackers grabbed the company’s web domain and sent emails that appeared to be from Craftsman.
“We just started getting hit with all the phishing emails all at once so we recognized it pretty quick. When we shut it down we had to rebuild from backup which has taken us quite a bit of time,” Hatswell said in an interview. “As of now we’re back up to business, it should be every shop by tomorrow. The IT department has been burning the candle at both ends getting everything rebuilt, getting all the servers up and running so the shops can reconnect with head office.”
ICBC had to send staff to examine vehicles needing repair at Craftsman, an accredited repair facility normally connected to the Express Repair program for damage estimates and approvals.
Craftsman Collision locations billed ICBC $80.7 million for the year ended March 31, 2019, according to the Crown corporation’s statement of financial information.
ICBC spokesperson Joanna Linsangan said in a prepared statement that the auto insurer took immediate steps to safeguard its customer information.
“We’ve conducted an assessment of our own systems, and can confirm that our customer data has not been compromised. We will continue to work with Craftsman Collision to determine if there remains to be a risk to our customer’s information,” Linsangan said.
Craftsman hired a third-party specialist to get the company back online and conduct a full forensic investigation to find out how much damage the hackers did. Hatswell believes very little was affected because the company acted quickly.
“We don’t keep much on file other than name, phone number and address. There is no banking info, it’s all done through ICBC’s side for payments, so at least there is no information of that type or passwords or anything like that,” he said. “We don’t believe anything was taken at all.”
Hatswell said he tried to report the incident to the RCMP, but “they basically turned me down.” He was referred to the Ontario-based Canadian Anti-Fraud Centre toll-free hotline. Hatswell said the company intends to notify customers.
“I don’t know who to actually call to be honest, I know our third-party would know, but when I reached out locally nobody seemed to care, there was no money lost.”
Information and Privacy Commissioner Michael McEvoy said his office had not been notified. The Office of the Information and Privacy Commissioner encourages both public bodies and private sector organizations to voluntarily report privacy breaches via a form on the OIPC website. There is no mandatory reporting law, despite a 2017 NDP campaign promise.
During the last provincial election, the NDP told the B.C. Information and Privacy Association that, if it came to power, the party “will consider best practices both across Canada and internationally for breach notifications in both the public and private sectors to determine a made-in-B.C. policy.”
“We agree that mandatory breach notification would benefit the public by enhancing accountability and transparency, and helping to mitigate the serious fallouts of privacy breaches and as government we will take action,” said an April 2017 NDP letter in response to a questionnaire.
Roger Gale, a BCIT industrial network cybersecurity instructor, told CTV that privacy breach reporting is necessary.
“Many organizations, companies will not want to report data breaches, it hits their public perception, it hits their bottom line, but I think there has to be a political will to bring in legislation like that,” Gale told reporter Alissa Thibault. “When it comes to data security, I think that the governments are moving at a snail’s pace, compared to the hackers out there.”
On Dec. 12, New Zealand-based Emsisoft Malware Lab published its “The State of Ransomware in the U.S.: Report and Statistics” and warned that the threat of ransomware had reached a crisis level.
“In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion,” the report said.
According to Emsisoft, existing security weaknesses and the development of increasingly sophisticated attack mechanisms designed to exploit those weaknesses have created a “near-perfect storm.” It recommended improved security standards and oversight, more guidance and better public-private sector cooperation.
On Dec. 13, New Orleans City Hall activated the civic emergency operations centre after a cyberattack.
As for Hatswell, he does expect a hit to Craftsman Collision’s bottom line during what is generally the slowest month of the year.
“I’m hoping it’s obviously not in the millions, but having 37 stores in B.C., I’m sure it’s in the hundreds of thousands of lost revenue. When the RCMP says ‘well you haven’t paid out anything,’ well, there’s a lot of other costs on rebuilding software, hiring companies and the lost revenue.”
A request for comment from the office of Attorney General David Eby, the minister in charge of ICBC, was not fulfilled by deadline.