We Now Have Proof That Sobeys Was Pwned By Ransomware

Earlier this week, I reported that there were rumours that Canadian grocery chain Sobeys was hit with a ransomware attack. At the time Sobeys simply said that there was an “IT problem” that they were dealing with. But from what I have heard, some of which was from Sobeys employees, I knew that they were hiding the truth. And now we have proof of that from a pair of reports.

On Thursday, this happened:

However, on Thursday, two provincial privacy watchdogs said they had received data breach reports from Sobeys.

Both Quebec’s access to information commission and Alberta’s privacy commission have both been notified by the grocer about a “confidentiality incident.”

Quebec’s access to information commission said confidentiality incidents occur when there is unauthorized access, use or loss of personal information or any other breach of the protection of this information.

That’s the first hint that this is not some “IT problem” and is indicative of Sobeys getting pwned and the threat actors having access to confidential data, be it employee data, customer data, both, or even more than that. I say that because you only file a report like this if you’re the victim of some sort of data breach. Or in this case, you’ve been pwned by hackers. Since these are both public agencies that Sobeys reported this to, we’ll find out soon enough what was leaked and how.

The next day Bleeping Computer posted a story with proof that Sobeys was pwned in a ransomware attack:

Furthermore, based on ransom notes and negotiation chats BleepingComputer has seen, the attackers deployed Black Basta ransomware payloads to encrypt systems on Sobeys’ network.

BleepingComputer was told by multiple sources that the attack occurred late Friday/early Saturday morning.

Photographs shared by Sobeys employees online also show in-store computers displaying a Black Basta ransom note.

That’s right. They have screenshots, and Bleeping Computer has proof that Sobeys was in negotiations with the threat actors. Thus at this point, Sobeys really does need to just come clean, admit that they were pwned, and explain what they are going to do to remediate the situation. The problem is that this is the worst-kept secret in Canada at the moment, and Sobeys not only looks bad, but their silence really doesn’t create trust among their customer base. My wife, for example, has been freaking out, as she walks a couple of blocks to the local Sobeys store any time she needs to grab something. And as a result of her shopping at Sobeys, she’s afraid her personal information has been exposed. I can’t answer that question. But I bet Sobeys can. But they’re too busy trying to hide this rather than taking steps to level with the public and describe what their next steps are to regain their trust. And to take this further, what if you’re an employee of Sobeys? I’m pretty sure that you’re scared that your personal info has been exposed. And to be frank, you should be. The fact is that Sobeys isn’t helping itself here, and that will only hurt Sobeys as a brand at the end of the day.

