Canadian Nurses Association confirms data theft after group dumps stolen info

The Canadian Nurses Association (CNA) confirmed that it is working with its members to respond to a leak of sensitive data stolen by a group of hackers earlier this year.

A spokesperson for the association, which represents nearly half a million nurses across the country, told Recorded Future News it experienced a security incident on April 3 hat did not impact operations but did affect some of its systems.

“We immediately launched an investigation and engaged leading third-party experts to support our efforts. As a precautionary measure, we notified the appropriate law enforcement authorities,” the spokesperson said.

“We have since completed our investigation into the incident and any members impacted by this incident are being notified accordingly. We are engaging with our members and working closely with our industry-leading partners to implement enhanced security measures to protect our systems, and to prevent this type of incident in the future.”

Two different ransomware groups — Snatch and Nokoyawa — took credit for the attack in May. But on September 1, the Snatch group, which has since claimed to shift exclusively to data exfiltration and extortion without ransomware, leaked 37 GB of data from CNA.

There has been confusion about the group’s operations since a Telegram channel was created in July by a group with the same name. The group confirmed to Databreaches.net that it did not use ransomware during its attack on CNA. Later in the interview, they gave conflicting answers about whether their extortion operation was connected to the long-running ransomware group or not.

The group later wrote on Telegram that it is different from the ransomware gang of the same name, but DataBreaches.net noted that the two allegedly distinct groups use the same URL for their leak sites.

South Africa denies Snatch attack

The same Snatch hacking group recently claimed to have attacked South Africa’s defense department, leaking troves of sensitive documents about the country’s military and senior leaders.

Several government spokespeople did not respond to repeated requests for comment but previously told local news outlets that they were not hacked.

In a statement published on Twitter last week, the South African National Defense Force said it conducted an investigation into the incident.

“It can be confirmed the system of the Department of Defence has not been hacked. This is the work of criminal syndicates within the cyberspace aided through information leaked from the Department,” spokesperson Siphiwe Dlamini wrote.

“The Department of Defence has policies in place that prohibits unauthorized access and sharing of classified information. The investigation continues and perpetrators will be brought to book. The Department assures South Africans that our systems are secured and measures have been put in place to ensure that the state information is not compromised.”

Snatch has spent weeks boasting of the incident, telling several South African news outlets that it stole 1.6 terabytes of data during the six months they allegedly spent within the Defense Department’s systems. Several outlets confirmed that at least some of the data leaked by Snatch is legitimate.