Cyber Incident Victim: Rogers Communications

Date: Feb 2015

Location: Canada

Summary

A Canadian telecommunications company experienced a security breach after hackers employed social engineering tactics to impersonate employees and deceive support staff into providing a mid-level employee's credentials and security answers. The attackers accessed corporate emails and internal networks and exfiltrated sensitive data, including business contracts with client details, employee identification documents, and VPN credentials. After unsuccessfully demanding a bitcoin ransom to withhold the information, the hackers publicly released over 400MB of stolen data, which the company confirmed contained business agreements with pricing specifics but no personal banking information.

Description

In February 2015, Canadian telecommunications company Rogers Communications experienced a data breach orchestrated by the hacking group Team Hans. The attackers employed social engineering tactics, initially contacting the company’s support desk while posing as Rogers employees. Through this deception, they obtained the employee ID and security question answers for Antonio Marino, a mid-level commercial account manager. Armed with this information, the hackers called back impersonating Marino and successfully acquired the password to his corporate Outlook account by correctly answering the security verification questions. This initial compromise occurred on February 20, granting Team Hans access to Marino’s email account, which served as an entry point to Rogers’ internal network. The attackers then exfiltrated over 400MB of corporate data containing sensitive business agreements with corporate clients, internal business emails, employee identification documents, and VPN credentials that could have enabled deeper network infiltration.

Team Hans attempted to extort Rogers Communications by demanding 70 bitcoins (approximately $19,160 USD at the time) in exchange for withholding the stolen data from public release. When the company refused payment, the hackers publicly released the entire dataset. Rogers issued a statement confirming unauthorized access to business contracts containing client names, addresses, phone numbers, and pricing details, but emphasized that no personal banking information or data enabling financial compromise was included in the breach. The company did not disclose specific containment measures taken following the breach detection, nor did it confirm whether Marino’s compromised credentials were disabled or whether additional security protocols were implemented post-incident. The public data dump exposed sensitive corporate operational details and employee information, though Rogers maintained that critical customer financial data remained protected throughout the incident.
