The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024.
In a final notification regarding the cyberattack, the Toronto Zoo said the resulting data breach impacts varying combinations of personal and financial information belonging to employees, former employees, volunteers, and donors.
The exposed information includes transaction data such as impacted individuals’ names, street address information, phone numbers, and e-mail addresses. It also contains the last four digits of credit card numbers and associated expiration dates for guests and members who made credit card transactions between January 2022 and April 2023.
“The data includes information about all guests and members who engaged the following types of transactions between 2000 to April 2023: general admission and membership purchases,” it said.
The zoo disclosed the incident on January 8, saying the attack did not impact the animals’ well-being or day-to-day operations.
Toronto Zoo has reported the data breach to the Office of the Information and Privacy Commissioner of Ontario (the IPC) and advises those affected to monitor financial account statements for suspicious activity.
Attack claimed by Akira ransomware
While Toronto Zoo has not officially linked the incident to a specific threat actor or hacking group, the Akira ransomware operation claimed the breach in January 2024 and has since published the allegedly stolen data on their dark web leak site.
Akira claims they’ve stolen 133GB of files from the zoo’s compromised file server, including database backups, ticket information, and other user data.
In early February, the cybercrime gang started seeding a torrent file containing multiple archives containing over 35GB of this data.
“Lots of NDAs and confidential agreements are represented in the data. Some personal files (driver licenses and so on) can be found in the files. And of course, lots of interesting info about animals,” the ransomware group says on its leak site.
Akira emerged two years ago, in March 2023, and has quickly gained notoriety after adding a long string of victims worldwide across various industry verticals.
Based on negotiation chats seen by BleepingComputer, Akira demands ransoms ranging from $200,000 to millions of dollars, depending on the size of the compromised organization.
So far, Akira has claimed multiple high-profile victims, including Stanford University, Nissan Oceania, and Nissan Australia. Since it surfaced, the gang has added over 300 organizations to its dark web leak site.
According to an FBI advisory, Akira ransomware operators have breached over 250 organizations and collected roughly $42 million in ransom payments until April 2024.
