Operations at Ganong Bros. in St. Stephen were temporarily disrupted in recent weeks in what the company described as an “IT security incident.”
Claire Ryan, director of public relations, said the attack was discovered on Feb. 22, 2025.
“Upon discovering the incident, we immediately undertook countermeasures to protect our network and data, including retaining third-party cybersecurity experts and external legal counsel to assist with containment, remediation and to conduct a forensic investigation to determine the extent of the incident,” she said in an email.
“Ganong’s investigation is ongoing to determine the extent to which any data, including personal information, may have been compromised,” she added. “Should our investigation determine that personal information was impacted, we will notify affected individuals directly in accordance with privacy laws.”
Ryan said that while operations at the company’s facility in St. Stephen were temporarily affected, they have since been restored to normal.
The cybersecurity website RedPacket Security found evidence of the attack on a site on the dark web, including a screenshot purportedly showing the internal communications and data stolen from Ganong. The information was posted on a site linked to a group known as PLAY, a hacker collective believed to be based in Russia.
RedPacket identified the incident as a ransomware attack, in which hackers steal a victim’s data and encrypt it before demanding a ransom, usually in a cryptocurrency such as Bitcoin, to unlock the data. The data may also be sold to other criminal groups.
Ryan did not say whether a ransom had been demanded or paid.
