A cyberattack at Qulliq Energy Corporation (QEC) in Canada’s Nunavut territory has left the company limited in its operations. The attack is believed to have begun on January 15th and was carried out using malware that targeted the company’s computer systems. The company currently cannot accept bill payment through credit cards, but customers can pay using cash or through bank transfers. The government is working with the company to respond to the incident, with several government departments providing personnel. QEC was able to activate their incident response plan as soon as the attack was noticed. The full scope of the attack is not yet known, but QEC is planning to notify impacted individuals of the breach.
With investigations still pending, Qulliq customers should remain vigilant. Regularly checking bank and credit card statements that may have been used on the company’s site is advised. Changing the password to QEC accounts, as well as anywhere else that login combination was used, is suggested as well. It is good news that QEC had an incident response plan in place, as many companies still do not. The investigation results will provide more information to the organization for how they can improve their security posture.