JANUARY 28, 2021 – A frustrated former Olymel worker shared a letter dated January 21, 2021 which confirms the Company which has over 15,000 workers across Canada paid a ransom after being hacked.
An Olymel rep confirmed to CFN that the letter, signed by Martin Juneau, was legit.
While the worker that shared this with CFN only received it this week the leak was reported to have occurred last October.
Olymel confirmed that the personal data of employees, former employees and those who applied for positions had been stolen.
The company was quoted as saying:
“We had, by paying a sum of money to the perpetrators of the cyberattack, proof in return that this data had been destroyed. We have experts who monitor sites and networks so for the moment, it does not appear to us, if it was the case an employee will tell us. As a precaution, our experts recommend that we be careful and offer protection to all our employees who wish to subscribe to it. It’s not in our best interest to disclose the amounts that have been paid. ”
We can be reached at email@example.com
Former Olymel worker in Cornwall Ontario Roy Berger gave the following quote:
“How much Bitcoin or Litecoin did the company pay for blackmail regarding my information, and does the company intend to hire a new pretend 17 year-old computer programmer to adjust computer protocol standards?
What was the nature and name of the black mail agency? They did not protect the UFCW membership in this case. This company lost license in the past for failing to meet normal standards – why am I not shocked they can haunt me with their negligence ten years later?
The bacon is good but the management and owners are clearly incompetent and so cheap and stupid they are dangerous.”
An independent investigation is in order to determine if the employer met its obligations under Canada’s federal privacy law, the “Personal Information Protection and Electronic Documents Act” aka PIPEDA.
Some criminal(s) have had a huge payday from a theft, courtesy of a corporation that ironically lacked the courtesy to inform its employees that their personnally identifying information was stolen… or even the admission that in the end that it is the employees that are the victims.
The workers’ bargaining agent and a bevy of legal firms should be champing at the bit to exact corrective action on behalf of anyone even potentially affected by such an egregious data breach.