Coleman Group says it caught cyberattack in progress that may have accessed employee files

The Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed.

According to the company, those filescontainnames, addresses, social insurance numbers and banking information of employees both past and present.

Greg Gill, vice-president of marketing, told CBC News the company's IT teamdiscoveredand quickly stoppedthe attack while it was in progress on the weekend of Feb. 20.

Gill saidthe company issued letters to all employees and former employees informing them of the attack.

"There's evidence to suggest that there was activity or access to certain files on a server. It's not always easy to determine exactly what may have been access or copied," Gill said.

"We, as a company, thought it was best to contact all of our employees, current and former, to do what we thought was the right thing to protect them."

The Coleman Group hired a cybersecurity consultant firm to help in the investigation, and arranged credit monitoring services for current and former employees through Equifax Canada for the next 12 months at no cost to users. The service also comes with identity theft insurance.

Gill said the company is investigating.

But one former employee wonders what information of his was still on file after not having worked for the company in two decades. Jimmy Short posted the company letter on Twitter on Thursday, wondering if others had received the same.

Gill wouldn't say if it's standard practice to retain employee information for so long, but saidthe company got in touch with everyone on itscontact list tooffer them protection "out of an abundance of caution."

According to Newfoundland and Labradorlabour standards, every employer must keep payroll records for each employeefor a period of fouryears from the date of the last entry.

"We just looked at this situation and thought it's best to reach out to everybody, and I can imagine if you were an employee who hasn't worked for us in a number of years, you might wonder what's the situation there," Gill said.

"We just said, 'Look, let's just go back to everybody that we have contacts for and let them know this happened and extend that service to them.'"

Gill said the IT team shut down internal internet and email services to halt the attack, but that move didn't have any negative impacts on business, and the company continued to operate its grocery, furniture and clothing outlets.

"Most of the disruption is just stuff related to the current situation with the COVID pandemic. As it pertains to the breach, we're back to business and just carrying on," Gill said.

"I think cyberattacks right now seem to be more and more prevalent. They happen. It's unfortunate. We wanted to make sure we followed best practices."

Read more from CBC Newfoundland and Labrador