Federation of Sovereign Indigenous Nations pays hacker $20K in bitcoin after massive data breach, sources say
Revelation comes as FSIN election assembly begins today in Saskatoon
The Federation of Sovereign Indigenous Nations recently paid more than $20,000 to an anonymous hacker who breached its computer system, CBC News has learned.
The revelation surfaces as hundreds of delegates gather in Saskatoon on Wednesday and Thursday to elect a new FSIN chief and two vice-chiefs.
The information was provided Tuesday by two sources with direct knowledge of the situation. They spoke to CBC News on condition of confidentiality, as the meetings were private.
The hacker gained control of the FSIN's internal files and email system, holding it ransom. A wide range of data was taken. It included files on residential school survivors, youth athletes and their coaches, internal land claims and a host of other topics. The social insurance numbers, treaty card numbers and health claims of staff and the executive were also accessed.
The hack went undetected for an undetermined amount of time. In May, an FSIN staff member got an email from the hacker demanding a ransom of more than $100,000.
The FSIN treasury board and its audit committee, made up of chiefs and others from across the province, met to discuss the situation. Some wanted an immediate notice sent to all of the employees, parents, companies and others affected. They said police should be called and a public statement issued. None of that happened.
They also told FSIN staff and executive not to pay the hacker. They said the hacker might accept the money and then keep the data on file anyway. However, in the days following the treasury board meeting, quiet negotiations with the hacker continued. Someone at the FSIN eventually authorized and paid the hacker more than $20,000 worth of bitcoin, a "cryptocurrency" used as a method of payment online.
When word of the payment reached the committee members, at least three demanded an explanation and a report, but none were supplied.
Since the breach, the FSIN has contracted the services of a private computer security business. The email system appears to be functioning normally, but there is no guarantee the hacker did not retain the data.
The FSIN declined to comment on the matter when contacted Tuesday. An official said FSIN officials can't speak on federation business during the current campaign period. They said a new chief will be able to address a wide range of issues following the election Thursday.