Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been the victim of a cyberattack.

The ransomware and extortion gang Black Basta claims responsibility for the attack and released documents and sensitive data over the weekend.

Founded in 1908, the Yellow Pages Group today owns and operates the Yellow Pages.ca and YP.ca websites, as well as the Canada411 online service.

Threat actors stole customer and employee data

While directory services like Yellow Pages largely collect and provide public data, that doesn’t mean they don’t own any personal or private company data.

Last week threat intelligence analyst Dominique Alvieri spotted the Black Basta ransomware gang sharing information about Yellow Pages Group on its data leak website:

BleepingComputer has analyzed Black Basta’s online post and can confirm that the ransomware group leaked a sample of sensitive documents exposing personal information. These include and are not limited to:

• Identity documents (such as scans of passports and driving licenses) showing the person’s date of birth and address
• Tax documents — showing Social Insurance Number (SIN)
• Sale and purchase contracts
• “Accounts Receivable” worksheet dated February 28, 2023
• Budget and debt forecast as of December 2022

“Yellow Pages was recently the victim of a cyberattack,” confirmed Franco Sciannamblo, YP’s CFO, in a statement to BleepingComputer.

“As soon as we became aware of the attack, we immediately began a thorough investigation into this issue with the assistance of external cybersecurity experts to contain the incident and ensure that we had secured our systems.”

“Based on our investigation to date, we have reason to believe that the unauthorized third party stole certain personal information from servers containing YP employee data and limited data relating to our business customers.”

“We have notified those affected and reported this incident to all relevant privacy authorities. Substantially all of our services have now been restored.”

Based on the dates present on the few leaked documents seen by BleepingComputer, especially the most recent ones, it appears that the cyberattack occurred on or after March 15, 2023.

Earlier this month, Black Basta had claimed responsibility for cyberattack on Capita, UK-based professional outsourcing provider. The extortion group threatened to sell the stolen data to interested buyers unless Capita paid the ransom.

Last year, Black Basta had hacked the Canadian food distribution giant Sobeys leading to computer issues and malfunctioning point-of-sale (POS) kiosks.

The ransomware group has swung into action quickly over the past year, sometimes posting multiple high profile victims at once on its data leak portal. Cybersecurity analysts have speculated Black Basta will be a new brand image of Conti ransomware gang based on its negotiation tactics.