CRTC issues $250,000 fines to Sunlight Media, Datablocks

The companies were fined for allegedly aiding the installation of malware through online ads.

The Canadian Radio-television and Telecommunications Commission (CRTC) is cracking down on the installation of malicious software through online ads, issuing notices of violation amounting to $250,000 to Sunlight Media and Datablocks.

The notices were issued by the CRTC’s chief compliance and enforcement officer, Steven Harroun, under Canada’s anti-spam law, fining Datablocks $100,000 and Sunlight Media $150,000 after the companies allegedly aided the installation of malicious software, or malware, through the distribution of online advertising.

Datablocks and Sunlight Media – which both offer online advertising services – were given 30 days to either pay the fines or file written representations to the CRTC.

According to the CRTC’s July 11 release, “Sunlight Media accepted unverified, anonymous clients who used their services to distribute malware,” and “Datablocks provided Sunlight Media’s clients with the necessary infrastructure and software to compete in real-time for the placement of their ads, which contained malware.”

In addition, the CRTC states that neither company had “written contracts in place with their clients that would bind them to comply with Canada’s anti-spam law”; “monitoring measures in place governing how their clients use their service”; or “written corporate compliance policies or procedures in place to ensure compliance with Canada’s anti-spam law.”

The release also states that both companies failed to implement “basic safeguards” after having been notified of reports by cybersecurity researchers in 2015 and again by the CRTC in 2016 – safeguards the CRTC says “are well known to the industry.”

Cybersecurity has been top of mind since almost 87 million Facebook users — approximately 620,000 in Canada — had their data mined by British consulting firm Cambridge Analytica in March of this year.

Photo by Luca Bravo on Unsplash