Hackers claim they've sold some SLGA data onto 'black market,' put rest on dark web

The organization that stole data from Saskatchewan Liquor and Gaming Authority (SLGA) in a Christmas Day hack, claims it has now sold "the most valuable data" it took. In a post on the social media app Telegram, the hackers wrote "we assume it's already on the black market."

They also announced they have made the rest of the data, more than 1 TB of documentation, available on the dark web. 

CBC has sifted through some of the tens of thousands of newly leaked documents. They appear to encompass every aspect of SLGA's business operations, including gaming, liquor and marijuana regulation.

CBC has reached out to SLGA for comment, but it had not responded as of publication time.

SLGA officials notified the public of the hack on Dec. 28. At that time, the Crown corporation assured the public that it "does not have any evidence that the security of any customer, employee or other personal data has been misused." 

Since that time, it has become clear that the hackers took data belonging to some SLGA employees and business partners, like suppliers and vendors. In a March 22 post on its website, SLGA warned its business partners that the hackers may have taken their "names, addresses, phone numbers and in some cases also includes birth dates, place of birth, drivers licence numbers, criminal records, certain medical information, financial information, previous names (e.g., birth name or maiden name), physical characteristics."

• No warning from government that personal data was hacked: Sask. Liquor and Gaming suppliers
• SLGA business partners should have figured out on their own that their data may have been stolen: minister

Weeks ago, in emails and in a phone call, the hackers told CBC they had taken SLGA data and locked up the organizations systems with ransomware. The said they wanted SLGA to pay an undisclosed amount to restore their systems and ensure that the data that's been taken isn't released publicly.  

"We have but one option for SLGA — to continue negotiations to resolve that problem and avoid data disclosure," the hackers wrote.

In an early April media scrum, Jim Reiter, the minister responsible for the SLGA, told CBC there will be no negotiations. 

"I don't want to be in a position where we're paying tax dollars for ransom to criminals. I mean what message does that send to the next hacker?" he said.

In their social media post on Tuesday, the hackers posted some of CBC's stories about the hack and said this was "what happens to those who attempt to deny reality, trying to use threats and dirty tricks during negotiations." 

Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, told CBC that while the hackers may have actually sold data on the black market, they could also be lying.

"It is also possible that they are saying that simply to make an example of SLGA so that other victims in the future look back, read about what happened to SLGA, and think we don't want to go through that. We're just going to pay."