Canadian government discloses data breach after contractor hacks

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees.  [...]

Nov 20, 2023 - 15:00
  Source
 0  50
Canadian government discloses data breach after contractor hacks

Two Canadian government contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, experienced data breaches last month, compromising sensitive information of numerous government employees. These affected contractors provide relocation services to employees of various government departments, including the Royal Canadian Mounted Police, Canadian Armed Forces, and other federal entities.

The compromised data, stored in the systems of BGRS and SIRVA Canada, includes information dating back to 1999. While the Canadian government has not officially identified the perpetrators behind these breaches, the LockBit ransomware group has claimed responsibility for the cyberattack on SIRVA's systems. LockBit alleges to have leaked around 1.5TB of stolen documents and has publicly disclosed details from their unsuccessful negotiations with purported representatives from SIRVA.

LockBit's entry on their dark web leak site claims, "Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au)," indicating the extensive nature of the breach and the volume of data they claim to have obtained. This incident highlights the growing concerns over cybersecurity threats to government contractors and the need for robust protective measures.

Sirva on LockBit's leak site
Sirva on LockBit's leak site (BleepingComputer)

Upon learning about the security breaches at its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, on October 19th, the Canadian government took immediate action. It alerted relevant authorities, including the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

The scope of data exposed in these breaches, which dates back to 1999, is still being evaluated. Consequently, the exact number of affected employees and the full extent of personal and financial information at risk remain unclear. However, it's suspected that those who availed relocation services since 1999 might have had their data compromised.

The government is not waiting for a complete analysis to act and is adopting a proactive stance to support those who might be affected. Plans are underway to offer services such as credit monitoring and reissuing potentially compromised valid passports. These services will be available to current and former public service members, RCMP, and Canadian Armed Forces personnel who have used the relocation services of BGRS or SIRVA Canada in the past 24 years. Further details on these services and how to access them will be shared promptly.

People who might be impacted by this breach are advised to take immediate preventive steps. These include updating passwords, activating multi-factor authentication, and keeping a close watch on online financial and personal accounts for any signs of unusual activities.

In cases of suspected unauthorized access, individuals should immediately contact their financial institution, local law enforcement, and the Canadian Anti-Fraud Centre (CAFC) for assistance and further action.