Third-party data breach affecting Canadian government could involve data from 1999

Third-party data breach affecting Canadian government could involve data from 1999

November 21, 2023 at 08:31AM

The government of Canada has confirmed a security breach in which its data was accessed after two third-party service providers were attacked. The breach potentially affects current and former government employees, members of the armed forces, and Royal Canadian Mounted Police workers. The government is currently analyzing a significant volume of data, which could date back to 1999. No formal conclusions have been made yet about the number of workers impacted. The government has notified relevant authorities and is taking proactive measures to support those affected.

Key Takeaways from the Meeting Notes:

1. The government of Canada has confirmed that its data was accessed after two third-party service providers, Brookfield Global Relocation Services (BGRS) and Sirva, were attacked.
2. The breach potentially includes a significant volume of data dating back to 1999, but no formal conclusions have been made regarding the number of workers impacted due to the large-scale task of data analysis.
3. The breached information may belong to current and former Canadian government staff, members of the Canadian armed forces, and Royal Canadian Mounted Police workers.
4. The government has informed the Canadian Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police about the breach.
5. Individuals who may be affected are advised to update their login details, enable Multi-Factor Authentication (MFA), and manually monitor their personal accounts for any malicious activity.
6. The government is taking a proactive approach to support those potentially affected, including offering services like credit monitoring and reissuing valid passports.
7. Work is ongoing to identify and address vulnerabilities that may have led to the incident.
8. The attack on BGRS may have impacted data on Sirva’s systems due to the merger between the two companies in August 2022.
9. Limited information is available regarding the scale of data stolen, the compromised information, the number of affected individuals, and the methods used by the attackers.
10. LockBit, a ransomware gang, has claimed responsibility for the attack on Sirva and has published documents allegedly belonging to the company.
11. LockBit initially demanded a $15 million ransom but eventually lowered it to a minimum of $7.5 million after negotiations with Sirva.
12. Authorities and experts advise against paying ransoms, as there is no guarantee that the data will be returned or remain confidential.
13. Sirva has not commented on the incident when approached by The Register.

Full Article