Decades of Canadian Government Employee Data Stolen

In a significant cybersecurity incident, the Canadian government disclosed a data breach that exposed sensitive information of its employees, including members of the Canadian Armed Forces and the Royal Canadian Mounted Police. The breach, which dates back to 1999, involves two of its contractors: Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services.

The LockBit ransomware gang has claimed responsibility for the breach, particularly targeting SIRVA's systems. According to BleepingComputer, the group has leaked 1.5TB of stolen documents, including details of failed negotiations with SIRVA representatives. The breach first came to light on October 19th when the Canadian government reported the incident to the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

In a statement, the Treasury Board of Canada Secretariat warned individuals who have used relocation services from BGRS or SIRVA Canada since 1999 that their data might have been compromised.

"At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted," the Treasury Board said. The Canadian government is currently working with BGRS and SIRVA to investigate the incident and ensure that vulnerabilities exploited in the attack have been addressed.

The Canadian government has used BGRS’s services since 1995, facilitating over 14,000 relocations of members of the Canadian Armed Forces per year. SIRVA Canada has been contracted with the government since at least 2009, according to government records. The two companies merged in August 2022, which might explain the breach's extensive impact.

In response to the breach, the government is offering services to all current and former employees who relocated with BGRS or SIRVA Canada over the last 24 years. These services include credit monitoring and reissuing of passports that may have been compromised. Additionally, officials have urged those potentially affected to update their login credentials, enable multi-factor authentication, and monitor their online accounts for unusual activity.

Sean McNee, VP of Research and Data at DomainTools, highlighted the challenges of securing information provided to third-party companies. "The modern interconnected supply chain within which large enterprises and governments operate creates opportunities for persistent threat actors, such as LockBit, to operate," McNee stated to SC Magazine.

McNee also suggested that citizens consider changing the answers to any security or account recovery questions for critical online accounts, as the leaked information might contain the 'correct' answers to such questions.