Data Breach at Moving Companies Affects Canadian Military, Police
Canadian government employees, military, and police personnel affected by data breach at moving companies.
The Canadian government has confirmed a significant data breach affecting its employees, military personnel, and members of the Royal Canadian Mounted Police, stemming from a cyberattack on third-party service providers, Brookfield Global Relocation Services (BGRS) and Sirva Canada. These companies, specializing in moving and relocation, were contracted to assist government employees with their relocation needs.
This data breach, disclosed to the government on October 19, prompted immediate investigative and protective actions, involving the Centre for Cyber Security, the Office of the Privacy Commissioner, and the Royal Canadian Mounted Police.
The breach potentially exposes sensitive personal and financial information dating back to 1999, of both current and former public service employees, along with members of the Canadian Armed Forces and the Royal Canadian Mounted Police. However, the full extent of the breach, including the exact number of individuals affected, remains under investigation.
In response, the government is offering credit monitoring services and the possibility of reissuing passports that might have been compromised, to those who have used the services of BGRS or Sirva Canada in the past 24 years. Additionally, individuals are advised to update their login credentials, especially if they resemble those used with the affected companies, activate multi-factor authentication, and vigilantly monitor their financial and personal accounts for any irregular activities.
While the Canadian government has not provided detailed information on the nature of the cyberattack, the LockBit ransomware group has claimed responsibility, alleging to have stolen data from Sirva Canada and posting it on their leak site. The situation continues to evolve, with the government committed to sharing further information as it becomes available. Concerned current and former employees are encouraged to reach out to their respective departmental privacy teams for further guidance and assistance.