Canadian government discloses data breach after contractor hacks

Trending 2 weeks ago

Canada flag

The Canadian government says two of its contractors accept been hacked, advertisement acute advice acceptance to an bearding cardinal of government employees. 

These breaches occurred aftermost month and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of alteration casework to Canadian government employees. 

Government-related advice stored on compromised BGRS and SIRVA Canada systems dates aback to 1999, and it belongs to a ample spectrum of afflicted individuals, including associates of the Royal Canadian Mounted Police (RCMP), Canadian Armed Forces personnel, and Government of Canada employees.

While the Canadian government has yet to aspect the incident, the LockBit ransomware assemblage has already claimed albatross for breaching SIRVA's systems and leaked what they affirmation to be athenaeum absolute 1.5TB of baseborn documents.

LockBit has additionally fabricated accessible the capacity of bootless negotiations with declared SIRVA representatives.

" says that all their advice account alone $1m. We accept over 1.5TB of abstracts leaked + 3 abounding backups of CRM for branches (eu, na and au)," the ransomware accumulation says in an access on its aphotic web abstracts aperture site.

Sirva on LockBit's aperture siteSirva on LockBit's aperture armpit (BleepingComputer)

After actuality notified of the contractors' aegis breaches on October 19th, the government promptly appear the breach to accordant authorities, including the Canadian Centre for Cyber Security and the Office of the Privacy Commissioner.

While the appraisal of the all-inclusive aggregate of compromised abstracts continues, specific capacity apropos the impacted individuals, including the cardinal of afflicted employees, remain undetermined. However, basic assessments advance that those who acclimated alteration casework back 1999 may accept had their claimed and banking advice exposed.

"The Government of Canada is not cat-and-mouse for the outcomes of this appraisal and is demography a proactive, basic access to abutment those potentially affected," a account appear on Friday reads.

"Services such as acclaim ecology or reissuing accurate passports that may accept been compromised will be provided to accepted and above associates of the accessible service, RCMP, and the Canadian Armed Forces who accept relocated with BGRS or SIRVA Canada during the aftermost 24 years. 

"Additional capacity about the casework that will be offered, and how to acceptance them will be provided as anon as possible."

Individuals potentially afflicted by this abstracts aperture are apprenticed to booty basic measures, including afterlight login credentials, enabling multi-factor authentication, and ecology online banking and claimed accounts for abnormal activity.

Those apprehensive crooked acceptance to their accounts charge additionally acquaintance their banking institution, bounded law enforcement, and the Canadian Anti-Fraud Centre (CAFC) immediately.