Coleman Group catches cyberattack in progress that may have accessed employee files

·3 min read
The Coleman Group of Companies operates grocery stores, clothing and furniture businesses.  (John Gushue/CBC - image credit)
The Coleman Group of Companies operates grocery stores, clothing and furniture businesses. (John Gushue/CBC - image credit)

The Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed.

According to the company, those files contain names, addresses, social insurance numbers and banking information of employees both past and present.

Greg Gill, vice-president of marketing, told CBC News the company's IT team discovered and quickly stopped the attack — while it was in progress — on the weekend of Feb. 20.

Out of an abundance of caution, Gill said, the company issued letters to all employees and former employees informing them of the attack.

"There's evidence to suggest that there was activity or access to certain files on a server, it's not always easy to determine exactly what may have been access or copied," Gill said.

"We, as a company, thought it was best to contact all of our employees, current and former, to do what we thought was the right thing to protect them."

The Coleman Group hired a cybersecurity consultant firm to help in the investigation, and arranged credit monitoring services for current and former employees through Equifax Canada for the next 12 months at no cost to users. The service also comes with identity theft insurance.

Gill said the investigation is ongoing.

The Arthur James Clothing Company is part of the Coleman Group.
The Arthur James Clothing Company is part of the Coleman Group.(Ted Dillon/CBC)

But one former employee wonders what information of his was still on file after not having worked for the company in two decades. Jimmy Short posted the company letter on Twitter on Thursday, wondering if others had received the same.

When asked if it's standard practice to retain employee information for so long, Gill didn't say, noting the decision to reach out to everyone in the company's contact list was to offer them protection "out of an abundance of caution."

According to Newfoundland and Labrador labour standards, every employer must keep payroll records for each employee for a period of four years from the date of the last entry.

"We just looked at this situation and thought it's best to reach out to everybody, and I can imagine if you were an employee who hasn't worked for us in a number of years, you might wonder what's the situation there," Gill said.

"We just said 'look, let's just go back to everybody that we have contacts for and let them know this happened and extend that service to them.'"

As for everyday operations, Gill said the team IT initially shut down internal internet and email services to halt the attack, but that move didn't have any negative impacts on business, as the company continued to operate its grocery, furniture and clothing outlets.

"Most of the disruption is just stuff related to the current situation with the COVID pandemic. As it pertains to the breach, we're back to business and just carrying on," Gill said.

"I think cyberattacks right now seem to be more and more prevalent. They happen. It's unfortunate. We wanted to make sure we followed best practices."

Read more articles from CBC Newfoundland and Labrador