Coleman Group says it caught cyberattack in progress that may have accessed employee files
Company offers credit watch for employees past and present
The Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed.
According to the company, those files contain names, addresses, social insurance numbers and banking information of employees both past and present.
Greg Gill, vice-president of marketing, told CBC News the company's IT team discovered and quickly stopped the attack — while it was in progress — on the weekend of Feb. 20.
Gill said the company issued letters to all employees and former employees informing them of the attack.
"There's evidence to suggest that there was activity or access to certain files on a server. It's not always easy to determine exactly what may have been access or copied," Gill said.
"We, as a company, thought it was best to contact all of our employees, current and former, to do what we thought was the right thing to protect them."�
The Coleman Group hired a cybersecurity consultant firm to help in the investigation, and arranged credit monitoring services for current and former employees through Equifax Canada for the next 12 months at no cost to users. The service also comes with identity theft insurance.
Gill said the company is investigating.
But one former employee wonders what information of his was still on file after not having worked for the company in two decades. Jimmy Short posted the company letter on Twitter on Thursday, wondering if others had received the same.
Gill wouldn't say if it's standard practice to retain employee information for so long, but said the company got in touch with everyone on its contact list to offer them protection "out of an abundance of caution."
According to Newfoundland and Labrador labour standards, every employer must keep payroll records for each employee for a period of four years from the date of the last entry.
"We just looked at this situation and thought it's best to reach out to everybody, and I can imagine if you were an employee who hasn't worked for us in a number of years, you might wonder what's the situation there," Gill said.
"We just said, 'Look, let's just go back to everybody that we have contacts for and let them know this happened and extend that service to them.'"
Gill said the IT team shut down internal internet and email services to halt the attack, but that move didn't have any negative impacts on business, and the company continued to operate its grocery, furniture and clothing outlets.
"Most of the disruption is just stuff related to the current situation with the COVID pandemic. As it pertains to the breach, we're back to business and just carrying on," Gill said.
"I think cyberattacks right now seem to be more and more prevalent. They happen. It's unfortunate. We wanted to make sure we followed best practices."