Waterloo Brewing loses $2.1-million in ‘sophisticated’ cyberattack
A few weeks ago, Waterloo Brewing lost $2.1 million after criminals convinced the company to send funds to a fraudulent account. Employee impersonation is a popular tactic among fraudsters, as we see it in all industries. We recommend employees being trained on how to verify requests for money before making payments. It is also important for you to be aware that coverage exists to mitigate this exposure. The truth is, Cyber Risk is a growing concern for small and large breweries alike. The Waterloo case is by no means unique, and we are regularly (almost daily) speaking with clients who have experienced some form of Cyber, or ransomware attack. One Ottawa based business was recently extorted to the tune of $165,000.
If you would like to receive a quotation for Cyber Perils coverage please complete the application located on our website at (other good info/resources too):
https://palladiuminsurance.ca/cyberliability/
If you would like to read the short article describing the Waterloo Brewing attack, we have posted it below.
KITCHENER, ONT. THE CANADIAN PRESS <time datetime="November 21, 2019" data-unixtime="1574339974" data-moment-preface="Published ">PUBLISHED NOVEMBER 21, 2019</time>
"Waterloo Brewing Ltd. says it has lost $2.1-million after scammers persuaded the company to send money to a fraudulent third-party account.
The Ontario brewery said that the “sophisticated” attack in November involved the impersonation of a creditor employee asking for multiple wire transfers.
After discovering the scheme, the company said it initiated an analysis of all other transaction activity across all of its bank accounts, as well as a review of its internal systems and controls that included its computer networks to prevent further attacks.
“The company… is working with its auditors and bank to ensure that appropriate steps have been taken to mitigate the chance of any future occurrences of similar cyberattacks,” it said in a news release.
The brewer said it does not believe that its systems were breached, or that any personal information of its customers is at risk. It said it was still actively trying to recover the funds and has notified relevant authorities, but said there are no assurances any money is forthcoming. The brewery is just the latest to fall for online schemes in which fraudsters impersonate actual employees to ask for money transfers.
MacEwan University in Alberta lost $11.8-million in 2017 after fraudsters impersonated a vendor and asked the university to transfer accounts payable to a new bank account. This past April, the City of Ottawa treasurer transferred nearly US$100,000 to a fake supplier after scammers posed as the city manager.
The Canadian Anti-Fraud Centre recommends employees know how to verify requests for money before making payments". https://www.theglobeandmail.co...".
For further information on how to make sure your business is protected from breaches like this, please reach out to our Cyber Liability professionals today, www.cyber-liability.ca or call us directly.
Greg Strahl - Assurances Palladium Insurance
T: 613 824.8335 ext.222 C: 613 793 7522
greg@palladiuminsurance.ca