Data from Canada’s Halifax Public Library posted for sale on dark web marketplace

Some data from the Halifax Public Library in Canada has made its way to a dark web marketplace.

The posting is included in a list of Homewood Health's leaked data on Marketo, which had received nearly 300 bids as of Thursday morning.

A spokesperson for Homewood Health, a provider of mental health and addiction services with offices across Canada, confirmed the data breach, which included information on its clients, such as the Halifax Public Library.

Downloadable evidence packages posted online as samples for sale include a total of 50 documents and PDFs ranging from workers' compensation checklists to contract amendments from a variety of organizations, including a Newfoundland accounting firm and the British Columbia Housing Corporation.

While the specifics of the data that was released for sale at the Halifax Public Library remain unknown, a spokesperson for Homewood Health said it may contain "personal information on some of (their) employees."

"We have a dedicated internal and external team, but the process will take some time." The spokesman said in an email response, adding that the company is investigating what information has been compromised and how it was obtained.

"We will notify all affected individuals as soon as possible, as required by law."

A spokesman for Halifax Public Library declined to comment on the incident, which is under investigation, and referred all inquiries about the matter to Homewood Health, but added that the breach compromised data that did not include customer data.

So far, Homewood Health has been unable to trace the source of the leak.

"To date, neither Homewood Health nor its third-party cybersecurity experts have been able to find any evidence of unauthorized access to any Homewood Health customer applications," a company spokesman said.

But as of Thursday afternoon, the listing was no longer available on the dark web marketplace.

A Marketo spokesman who identified himself as Mannus Gott recently told CTV B.C. that some of the data will be sold on Thursday and the rest will be released.

Brett Callow, a threat analyst at Emsisoft, said people who have information that could be contained in the 180GB of files up for sale should be worried.

Callow said, "For this kind of sensitive information, whether it's on the dark web or the open web, people are bidding on it, and it could be quite damaging." He added, " The information could be used for reasons such as blackmail or identity theft. "

"Situations like this are the worst. If your financial information is compromised, you can at least eventually repair your credit. When information like this is compromised, there's nothing you can do about it," he says.

"Once it's there, it's there."

While you can't see if Homewood Health data is being sold, Callow says a deleted listing often means it has been purchased.

"In some cases, the person buying the data could be the company that bought it back, or in other cases, it could be a third party," he said. "There's no way to know."

The data breach is still under investigation.