IOTW: Data breach exposes sensitive information of Canadian Government employees

LockBit ransomware group claimed responsibility for cyber attack on a Government contractor

Michael Hill
11/24/2023

The Canadian government has disclosed a data breach after contractor hacks exposed the sensitive information of an undisclosed number of employees. The breaches occurred last month (October 19) and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, which provide relocation services to Government workers.

In a statement, the Government said that, upon learning about the incident, it took immediate action to investigate the breach, which involves information held by the companies about current and former employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel. The incident was reported to the Canadian Centre for Cyber Security, the Office of the Privacy Commissioner and the Royal Canadian Mounted Police (RCMP), it added.

Details on specific individuals impacted were not shared at the time of writing, but the preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999, the Government stated. This may include any personal and financial information that employees provided to the companies, it added. The LockBit ransomware group has claimed responsibility for breaching SIRVA’s systems, leaking what appear to be archives containing 1.5TB of stolen documents.

Government of Canada establishing a full assessment of the breach and its impacts

The Government of Canada said it is “not waiting for the outcomes” of the analysis of the incident and is taking a proactive, precautionary approach to support those potentially affected. “Services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to current and former members of the public service, RCMP and the Canadian Armed Forces who have relocated with BGRS or SIRVA Canada during the last 24 years,” it stated.

The Government said it is also meeting with BGRS and SIRVA Canada on a regular basis to monitor progress on the issue, and that these meetings will continue until it has a full assessment of the breach and its impacts. “Work is underway to verify that any vulnerabilities that contributed to this situation have been addressed by BGRS and SIRVA Canada.”

Take precautionary measures to safeguard financial and personal information

In the meantime, the Government said that anyone who may be affected should take precautionary measures to safeguard financial and personal information online, such as:

  • Updating login credentials that may be similar to those used with BGRS or SIRVA Canada.
  • Enabling multi-factor authentication (MFA) on accounts that are used for online transactions.
  • Monitoring financial and personal online accounts for any unusual activity.

Anyone who sees unauthorized access to personal or financial accounts should notify their financial institution immediately and contact local police, the Government said.

What is LockBit ransomware?

LockBit is a ransomware-as-a-service (RaaS) operator that has been active for more than four years with thousands of victims across various sectors to its name. In June, the US Government revealed that the group has extorted around US$91 million since 2020. “The LockBit RaaS and its affiliates have negatively impacted organizations, both large and small, across the world. In 2022, LockBit was the most active global ransomware group and RaaS provider in terms of the number of victims claimed on their data leak site,” read a cyber security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA).

This week, a new cyber security advisory warned that LockBit affiliates are actively exploiting “Citrix Bleed” (CVE-2023-4966). This is a significant vulnerability that allows threat actors to bypass password requirements and multi-factor authentication (MFA) to hijack legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and gateway appliances.

Earlier this month, LockBit operators published 43GB of data stolen from Boeing after the aerospace giant refused to give in to ransom demands following a cyber attack.
