
Welcome to the official LinkedIn page of the Canadian Institute for Cybersecurity (CIC)! 🌐 At CIC, we are dedicated to advancing cybersecurity through cutting-edge research, education, and collaboration. Our mission is to protect individuals, businesses, and critical infrastructure from cyber threats by developing innovative solutions and fostering a culture of cybersecurity awareness.

🔍 What We Do:
- Conduct groundbreaking research in cybersecurity and privacy.
- Offer educational programs and training for students and professionals.
- Collaborate with industry partners to address real-world cybersecurity challenges.
- Host webinars, workshops, and events to share knowledge and best practices.

Join our community to stay updated on the latest cybersecurity trends, news, and events. Together, we can build a safer digital world! #CyberSecurity #Research #Education #Innovation #CanadianInstituteForCybersecurity

Canadian Institute for Cybersecurity A.I. CyberSecurity Scoring

CIC

Company Details

  • LinkedIn ID: canadian_institute_cybersecurity
  • Employees number: 61
  • Number of followers: 12,494
  • NAICS: 5417
  • Industry Type: Research Services
  • Homepage: unb.ca
  • IP Addresses: Scan still pending
  • Company ID: CAN_8190578
  • Scan Status: In-progress

CIC Risk Score (AI oriented)

Between 550 and 599

  • Powered by our proprietary A.I. cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
CIC Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Canadian Institute for Cybersecurity

Current Score: 590, Ca (Very Poor)
Scale: 0 to 1000
2 incidents
-161.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

JANUARY 2026: 752
Breach
23 Jan 2026 • Yahoo, Facebook, TikTok, Netflix, Microsoft Outlook, OnlyFans, Binance and Canadian service provider: Massive Data Breach Exposes 149 Million User Passwords For Gmail, Facebook, & More
Massive Credential Breach Exposes 149 Million Logins in Unsecured Database

A security researcher recently uncovered a staggering data exposure involving **149 million usernames and passwords** left unprotected on the internet. The database, hosted by a Canadian service provider, was freely accessible via a standard web browser, allowing anyone to search and extract sensitive login details without authentication. The breach remained active for about a month, with new credentials continuously added before the hosting provider took it offline following notification.

The compromised data spanned a wide range of platforms, including:

- **Email services**: 48 million Gmail, 4 million Yahoo, and 1.5 million Microsoft Outlook accounts
- **Social media**: 17 million Facebook, 780,000 TikTok, and 100,000 OnlyFans logins
- **Streaming & entertainment**: 3.4 million Netflix subscriptions
- **Financial services**: 420,000 Binance cryptocurrency accounts, along with banking and credit card details
- **Government & education**: 1.4 million .edu domain credentials and other official systems

Investigators traced the breach to **infostealing malware**, which infects devices through phishing, malicious downloads, or compromised websites. The malware logs keystrokes and captures login credentials, funneling them into centralized databases like the one discovered. Each entry included unique identifiers, suggesting the database was designed for large-scale criminal operations, such as account takeovers or ransomware attacks.

The implications of this breach are severe, with risks ranging from **identity theft and financial fraud** to potential **espionage** via compromised government and academic accounts. The incident reflects a broader trend of unsecured databases and the growing accessibility of cybercrime tools: renting infrastructure for such operations can cost as little as **$200–$300 per month**, enabling even low-skilled threat actors to amass vast troves of data.

While no immediate exploits have been confirmed, the exposure underscores persistent vulnerabilities in data security practices. Similar breaches have repeatedly demonstrated how quickly stolen credentials circulate on underground forums, prolonging the threat long after the initial leak. The full impact of this incident may unfold over time as attackers exploit the exposed information.

591
critical -161
YAHFACTIKNETMICONLBINCAN1769189638
Data Breach
Infostealing Malware
Unsecured Database
Financial Gain, Account Takeovers, Ransomware Attacks
Data Compromised: 149 million usernames and passwords
Systems Affected: Email services, social media, streaming, financial services, government/education accounts
Brand Reputation Impact: High
Identity Theft Risk: High
Payment Information Risk: High
Containment Measures: Database taken offline by hosting provider
Usernames; Passwords; Banking/Credit Card Details
Number Of Records Exposed: 149 million
Sensitivity Of Data: High
Personally Identifiable Information: Yes
The incident underscores persistent vulnerabilities in data security practices, particularly the risks of unsecured databases and the accessibility of cybercrime tools. Stolen credentials can circulate on underground forums, prolonging the threat long after the initial leak.
Ongoing
Entry Point: Phishing, Malicious Downloads, Compromised Websites
Data Sold On Dark Web: Likely
Root Causes: Infostealing malware, unsecured database, lack of authentication for sensitive data
DECEMBER 2025: 752
NOVEMBER 2025: 752
OCTOBER 2025: 751
SEPTEMBER 2025: 751
AUGUST 2025: 751
JULY 2025: 751
JUNE 2025: 751
MAY 2025: 751
APRIL 2025: 751
MARCH 2025: 751
FEBRUARY 2025: 751
APRIL 2023: 750
Vulnerability
01 Apr 2023 • Carlsberg Brewery, Canadian Investment Regulatory Organization and White Box Technologies Inc.: NSA dual-hat question, third-party report, GhostPoster extensions
Cybersecurity Roundup: Leadership Shifts, Third-Party Risks, and Emerging Threats

Recent developments in cybersecurity highlight evolving threats, regulatory breaches, and structural changes in U.S. defense leadership.

**U.S. Cyber Command-NSA Leadership Under Review**

Army Lt. Gen. Joshua Rudd, nominated to lead the National Security Agency (NSA), U.S. Cyber Command (CYBERCOM), and the Central Security Service, announced during a confirmation hearing that he will assess the efficiency of the dual-hat leadership structure currently held by acting head Lt. Gen. William Hartman if confirmed. Rudd would succeed Gen. Timothy Haugh, who departed in April 2023.

**Third-Party Apps Exploit Sensitive Data Without Justification**

A report by Reflectiz analyzing 4,700 major websites over the past year found that **64% of third-party applications access sensitive data without a legitimate business need**, up from 51% in 2024. Government and education sectors were most affected, with tools like **Google Tag Manager, Shopify, and Facebook Pixel** frequently implicated. The findings underscore a growing "governance gap" in data access controls.

**GhostPoster Malware Expands, Infects 840,000 Users**

Researchers at Koi Security identified **17 additional malicious browser extensions** tied to the **GhostPoster campaign**, bringing total installations to **840,000** across Chrome, Firefox, and Edge. The extensions embed malicious JavaScript in logo images to monitor browsing activity, hijack affiliate links, and execute ad fraud. While removed from official stores, the campaign’s reach highlights persistent supply-chain risks.

**Law Enforcement Targets Black Basta Ransomware Operatives**

Ukrainian and German authorities have **identified two Ukrainian suspects** linked to the Russia-affiliated **Black Basta ransomware group**, accusing them of cracking passwords from stolen data. A **36-year-old Russian national, Oleg Nefedov**, was named as the alleged leader and placed on an international wanted list, with potential ties to the **Conti gang**.

**Incidents Impacting Critical Sectors**

- **Anchorage Police Department**: A January 7 cyberattack on third-party vendor **White Box Technologies Inc.** disrupted operations, though officials stated no sensitive data was compromised.
- **Canadian Investment Regulatory Organization (CIRO)**: A **sophisticated phishing attack** in August 2023 exposed **750,000 investors’ PII and financial data**, though login credentials were unaffected.
- **Grubhub**: Hackers breached systems and issued extortion demands, though details on timing and compromised data remain undisclosed. The incident may be linked to a separate **cryptocurrency scam** using Grubhub’s subdomain.
- **Carlsberg Brewery**: A vulnerability in visitor wristband systems allowed unauthorized access to **hundreds of attendees’ photos and names** via brute-force attacks. The issue, reported in August 2023, remains unresolved.

746
critical -4
CARCANWHI1768827977
Third-party data exploitation; Malware; Ransomware; Phishing; Data breach; Extortion
Malicious browser extensions; Phishing; Brute-force attack; Third-party vendor compromise
Supply-chain risks; Governance gap in data access controls; Unpatched vulnerabilities in third-party applications
Financial gain; Data exfiltration; Ad fraud; Extortion
PII; Financial data; Browsing activity; Photos and names; Affiliate links; Third-party applications; Browser extensions; Visitor wristband systems; Investment regulatory systems; Disrupted operations (Anchorage Police Department); Unauthorized access to sensitive systems; Carlsberg Brewery; Grubhub; CIRO; 750,000 investors' PII exposed
Ukrainian and German authorities (Black Basta)
PII; Financial data; Browsing activity; Photos and names; 750,000 (CIRO); Hundreds (Carlsberg); High (PII, financial data); Medium (browsing activity, photos); Yes (CIRO, Carlsberg)

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Canadian Institute for Cybersecurity is 590, which corresponds to a Very Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 752.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 752.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 751.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 751.

Over the past 12 months, the average per-incident point impact on Canadian Institute for Cybersecurity’s A.I. Rankiteo Cyber Score has been -161.0 points.

You can access Canadian Institute for Cybersecurity’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/canadian_institute_cybersecurity.

You can find the summary of the A.I. Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Canadian Institute for Cybersecurity’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/canadian_institute_cybersecurity.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.