Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations  - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian

‹ Back

The data extortion group CoinbaseCartel has released what it states is Desjardins' 2019 dataset, along with a threat concerning other data from "your latest one":

"Here is your 2019 data, and we've had it since day one, but what about your latest one? Since you won't come speak to us, we will have to start showing things to people and these things will land certain individuals in trouble. We expect you to come talk to us soon. If we do not hear from you, we will post 1GB a week until you do. We've given you many chances, and Mr. Dubois, sorry for causing you so much trouble, but we will get to you soon."

In a file contained in this recent data dump, the group states: "We are looking for direct insiders at major corporations. With our solid reputation, we guarantee safety and huge payouts. Let's connect and discuss further."

The data consists of a 270MB file containing more than 3.8 million records of Desjardins customer information, including name, address, language preference, date of birth, social insurance number, and phone number. The victims' data exposed indicate some of them were as young as 5 years old in 2019.

Of note, there is still no interest in this story from any major Canadian English-language media outlet. One actually told me they had reached out to Desjardins who told them there was nothing to see here so they didn't pursue it - WTF? Unfortunately for the 3.8 million individuals affected, fraudsters around the globe will be very interested. Given that this personal data dates back to only 2019 and includes sensitive PII such as dates of birth and SIN numbers, it remains highly exploitable, making it especially valuable to those seeking to commit identity theft, financial crimes, or other targeted attacks.