Canadian government discloses data breach after contractor hacks

Canadian government discloses data breach after contractor hacks

November 20, 2023 at 12:27PM

The Canadian government has reported that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to government employees. The breach, reportedly attributed to the LockBit ransomware gang, has affected data dating back to 1999 and includes personal and financial information of individuals such as Royal Canadian Mounted Police members and Canadian Armed Forces personnel. The government is actively taking precautions to support those potentially affected, including providing credit monitoring and reissuing valid passports. Potentially impacted individuals are advised to update their login credentials, enable multi-factor authentication, and monitor their accounts for unusual activity.

Based on the meeting notes, there has been a security breach involving two Canadian government contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services. The breaches occurred last month and have exposed sensitive information belonging to government employees, including members of the RCMP, Canadian Armed Forces, and Government of Canada employees. The compromised information dates back to 1999 and is believed to be stored on the compromised systems of BGRS and SIRVA Canada.

While the Canadian government has not yet attributed the incident, the LockBit ransomware gang has claimed responsibility for breaching SIRVA’s systems. They have leaked what they claim to be 1.5TB of stolen documents and have made public the contents of failed negotiations with alleged SIRVA representatives.

The government promptly reported the security breaches to relevant authorities and is currently analyzing the compromised data. The specific details regarding the impacted individuals and the number of affected employees are still undetermined. However, it is believed that individuals who used relocation services since 1999 may have had their personal and financial information exposed.

To support those potentially affected, the Government of Canada is taking a proactive approach. Services such as credit monitoring or reissuing valid passports will be provided to current and former members of the public service, RCMP, and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada in the last 24 years. More details about these services and how to access them will be provided soon.

Individuals potentially affected by this data breach are urged to take precautionary measures, such as updating their login credentials, enabling multi-factor authentication, and monitoring their online financial and personal accounts for unusual activity. If unauthorized access is suspected, individuals should contact their financial institution, local law enforcement, and the Canadian Anti-Fraud Centre (CAFC) immediately.

Full Article