Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers

 

Recently, Marijuana Business Daily has disclosed a data breach at Aurora Cannabis. The security incident compromised the credential information of an unknown number of employees of the Canadian company. The data breach was not restricted to the current employees of the company but also encompassed the former employees as well. 

A victim has shared an email of a data breach with Marijuana Business Daily which was sent to him on Dec. 25, “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” The email read. 

The victim, a former employee of Aurora Company who was terminated in February 2020 with other hundreds of employees, didn’t get notification of the breach until late December 31. The source said that working for Alberta-based Aurora was “an experience that I think a lot of people want to forget.” 

“And then getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face,” he further added. The former employee said that he had talked with three present workers at Aurora and five other former employees about the information that has been exposed. Each of them reported a different kind of data breach, some reported breach of their credit card information and government identification, while others said that their home address and banking details were exposed, he added. 

The company’s spokeswoman Michelle Lefler has confirmed that the company “was subject to a cybersecurity incident” on Christmas Eve. It has affected both present and former employees of the company. 

As of now, it remains unclear what "kinds" of personal information were exposed. “The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement. 

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.” Further, she added, for now, I am unable to provide the specific number of Aurora employees whose data was exposed. I can confirm we are following all security protocols, are working with privacy councils and law enforcement, and have communicated directly with any impacted current or former employee,” Lefler added.