The City of Toronto told TechCrunch in a revised statement on March 23: “Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.”

“The City is actively investigating the details of the identified files,” said city spokesperson Alex Burke.

TechCrunch initially contacted the city on March 20 for comment after identifying it as an organization that used the GoAnywhere file transfer software at the time of the ransomware attack. The city said its review found “no exfiltration of internal data, nor residents’ data.”

TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the breach, suggesting more victims are likely to come forward.

Over the past few days, the Russia-linked Clop gang has added dozens of other organizations to its dark web leak site, which it uses to extort companies further by threatening to publish the stolen files unless a financial ransom demand is paid.

Canadian financing giant Investissement Québec confirmed to TechCrunch that “some employee personal information” was recently stolen by a ransomware group that claimed to have breached dozens of other companies. Spokesperson Isabelle Fontaine said the incident occurred at Fortra, previously known as HelpSystems, which develops the vulnerable GoAnywhere file transfer tool.

Hitachi Energy also confirmed this week that some of its employee data had been stolen in a similar incident involving its GoAnywhere system, but saying the incident happened at Fortra.

However, while the number of victims of the mass-hack is widening, the known impact is murky at best.  Read On: