Cyber-crime: Third-party data breach affecting Canadian government could involve data from 1999

11:38 01.12.2023 •

Any government staffers who used relocation services over past 24 years could be at risk, writes The Register from Canada.

The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked.

The third parties both provided relocation services for public sector workers and the government is currently analyzing a "significant volume of data" which could date back to 1999.

No formal conclusions have yet been made about the number of workers impacted due to the large-scale task of analyzing the relevant data.

However, the servers impacted by the breach held data related to current and former Canadian government staff, members of the Canadian armed forces, and Royal Canadian Mounted Police workers - aka Mounties.

"At this time, given the significant volume of data being assessed, we cannot yet identify specific individuals impacted; however, preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999 and may include any personal and financial information that employees provided to the companies," a government statement read.

It also informed the Canadian Centre for Cyber Security as well as the Office of the Privacy Commissioner and the Royal Canadian Mounted Police.

Very little has been formally confirmed about the incident at this stage, including the scale of data scooped by the criminals, which info was compromised, how many people are affected, and how the attackers got in.

However, ransomware gang LockBit has claimed an attack on Sirva, and claimed to have published what it says is more than 1.5TB worth of documents belonging to the company, as well as three full CRM backups from its US, UK, and Australia offices. BGRS has not been named on its leak site.


read more in our Telegram-channel