Massive information leak at the Goodfellow company

Former Goodfellow employees learned from our Bureau of Investigation that their hacked medical information is available on the dark web.

• Read also: Info-Santé line victim of hackers

Cybercriminals have published hundreds of confidential documents stolen from the lumber producer in Delson, Montérégie.

Among the data stolen are company bank statements, information on pending litigation, and even results of blood tests conducted to detect the presence of drugs in the blood of job applicants.

The NetWalker gang released this data after destroying it on the company’s servers at the end of September.

The information also includes dozens of pre-employment surveys conducted by the Garda firm.

The hackers also posted on the dark web claims for insurance benefits mentioning illnesses and injuries that affected employees, as well as pay slips and disciplinary files.

Our Investigation Office contacted some affected employees. Of those who left the company, none was aware of the leak.

“I didn’t even know they still had information on me after over a year,” says Sébastien Boisvert, a former sales rep who left Goodfellow in 2019.

The results of the blood test he took before he was hired can be found online and he is amazed the company did not alert him.

Listed on the stock exchange, Goodfellow declared the cyberattack in its last MD&A on October 15, without giving details.

“I was transparent with my employees. They are aware, ”says CEO Patrick Goodfellow.

The company of 800 employees refused to pay the ransom to the cyber hackers, according to our information, preferring to rebuild its network. “Everything is progressing well at the moment”, assures the boss.

Patrick Goodfellow says he is unable to assess the cost of the operation.

“It’s very subjective, he judges. How many orders have we lost because the system has been compromised? Have some goods been incorrectly shipped because of this? “

Although the law does not yet require him to do so, Goodfellow warned the Quebec Commission of Access to Information of the incident.

“It’s always very worrying, this kind of leaks,” said spokesperson Isabelle Gosselin. It is people’s privacy that is at stake, and there can also be other violations of fundamental rights, such as damage to reputation. ”

Victims in IT and agriculture

Fresche Solutions

Pirates: NetWalker

Compromised information:

  • Personal employee information
  • Customer Information

This Montreal business software firm is the most recent Quebec victim of cyber hackers identified by our Bureau of Investigation.

On his blog in the dark web, the NetWalker gang threatens to publish the stolen information in two days. To show his seriousness, he presents a list of client files found in Fresche’s servers and a copy of the founder’s passport.

“We recently had a cyber incident that targeted some of our old servers,” writes Mathieu Alarie, head of human resources at Fresche.

A cybersecurity firm is investigating the intrusion.

“Certain personal information of employees as well as certain information concerning customers could have been consulted, writes Mathieu Alarie. While we have no evidence of data use, we have contacted affected employees and customers to provide them with all the support and tools needed under the circumstances. ”


Pirates: REvil / Sodinokibi

Sensitive information found online:

  • Company emails
  • Client Farmer Information

The seed and fertilizer distributor, mostly active in Ontario, refused to pay a ransom to pirates in May.

According to the Farm Ontario website, farmers have seen their personal information posted online. Agromart had to offer them credit monitoring services at Equifax.

Sollio refuses to say more “given the sensitivity of the subject”.

“We communicated quickly with the affected people to offer them support and a procedure to follow so that they could monitor any abnormal activity,” writes Director of Communications, Anne-Julie Maltais.

Sollio is also a shareholder in Olymel, which also suffered a serious computer attack in October.

If you have any information on cybersecurity, contact our journalist in confidence at 438-396-5546 (Signal, cell.) Or at

Check Also

Apple security chief accused of corruption

Apple’s chief security officer has been charged with alleged corruption for having, according to justice, …

Leave a Reply

Your email address will not be published. Required fields are marked *