Canada Life Data Breach: 5.5 Million Records Allegedly for Sale

A threat actor claims to be selling over 5.5 million records linked to Canada Life on a cybercrime forum, significantly exceeding the insurer's confirmed breach count of 70,000 records. The dataset reportedly contains personal and organizational information consistent with Salesforce CRM exports. Cybernews researchers verified the legitimacy of a sample from the dataset, although independent verification of the entire breach remains unconfirmed. The breach was attributed to the hacking group ShinyHunters, known for accessing data through compromised employee accounts. Canada Life has been contacted for comment but has not yet confirmed the new claims. The incident raises concerns about potential phishing attacks targeting Canada Life's customers and employees due to the exposed data. Security analysts describe the inflated claim as a tactic to pressure organizations into paying ransoms.

Key Points: • Threat actor claims to sell over 5.5 million Canada Life records on a cybercrime forum. • The breach was linked to the hacking group ShinyHunters, exploiting compromised employee accounts. • Canada Life's confirmed breach count stands at 70,000, highlighting a significant discrepancy.